quasar | 79f1c664fbd6e7d4c2b5d80334beada369f6dfd124fb381eb369a5614612d742 | Triage

Sharing

General

Target

dfsdfsdfdfd.bat
Size

3.1MB
Sample

240518-erxjcsbd92
MD5

0a58848ce845e34a7d2dbc19ce098273
SHA1

94f5f718236ea1e03e3fca2c94379091bcde7b0a
SHA256

79f1c664fbd6e7d4c2b5d80334beada369f6dfd124fb381eb369a5614612d742
SHA512

b8bd4d237def9bee465f59c7e7613992117625495ddbf5882daf1869fb99949da08d488e452d8dafc191cebaff5368cc417988251d08076727d1c24336d9098e
SSDEEP

49152:znu22u/gq5TvoJdoXJ+vtFOxSvvE+6hew+zDkoq7sNQ0TBYVlMeCEvT:B

Score

10^/10

quasar niggger execution spyware trojan

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.4.1

Botnet

Niggger

C2

2600:1700:b1e0:a330:b9ee:2632:e244:9a9:4782

Mutex

2e7c6a16-860e-42fe-9feb-98d63fa4f025

Attributes

encryption_key
D8AAEEC300C8107099917E1DA2F8BCD2181F4CE6
install_name
windowsactivator.exe
log_directory
Logs
reconnect_delay
3000
startup_key
windowsactivator
subdirectory
windowsactivator

Targets

- Target
  
  dfsdfsdfdfd.bat
- Size
  
  3.1MB
- MD5
  
  0a58848ce845e34a7d2dbc19ce098273
- SHA1
  
  94f5f718236ea1e03e3fca2c94379091bcde7b0a
- SHA256
  
  79f1c664fbd6e7d4c2b5d80334beada369f6dfd124fb381eb369a5614612d742
- SHA512
  
  b8bd4d237def9bee465f59c7e7613992117625495ddbf5882daf1869fb99949da08d488e452d8dafc191cebaff5368cc417988251d08076727d1c24336d9098e
- SSDEEP
  
  49152:znu22u/gq5TvoJdoXJ+vtFOxSvvE+6hew+zDkoq7sNQ0TBYVlMeCEvT:B
Score

10^/10

execution quasar niggger spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarnigggerexecutionspywaretrojan