quasar | 7e5e87faf066201221548d5a8912582d7cdff43dac06331b68aa81a072f8bd21 | Triage

Submit
Reports

Overview

overview

Static

static

3

ConsoleSniffer.exe

windows11-21h2-x64

Sharing

General

Target

ConsoleSniffer.exe
Size

1.1MB
Sample

240519-2fw5saeb58
MD5

df5a226b6c70691c85cbf776a17fd221
SHA1

b9007715c4c3775c6df8ad77c745df0ca1f97650
SHA256

7e5e87faf066201221548d5a8912582d7cdff43dac06331b68aa81a072f8bd21
SHA512

fd0d4d8a86cd155a62dbaa023ee2f6ae83a39d7a7b927aa7401f598b9edbce47ef4bb850f82a76a1f61549357193742541c38468bd3f68f84979dd5b395b136a
SSDEEP

24576:T4JMDRy3iWOdqZjdV5vQukdLAk+C4j6tqYsbMGYq+OiDnQArGC11W84UQBrPatc8:ToMDY/kL+ClNtn

Score

10^/10

quasar target spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ConsoleSniffer.exe

Resource

win11-20240508-en

quasar target spyware trojan

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Target

C2

185.217.1.170:56098

Mutex

QSR_MUTEX_mXJYTiCQWK23RFk8eh

Attributes

encryption_key
ieA7XwTMJRwb9d92uUFd
install_name
WindowsRun.exe
log_directory
Logs
reconnect_delay
300
startup_key
WindowsRuntiime
subdirectory
WindowsRep

Targets

- Target
  
  ConsoleSniffer.exe
- Size
  
  1.1MB
- MD5
  
  df5a226b6c70691c85cbf776a17fd221
- SHA1
  
  b9007715c4c3775c6df8ad77c745df0ca1f97650
- SHA256
  
  7e5e87faf066201221548d5a8912582d7cdff43dac06331b68aa81a072f8bd21
- SHA512
  
  fd0d4d8a86cd155a62dbaa023ee2f6ae83a39d7a7b927aa7401f598b9edbce47ef4bb850f82a76a1f61549357193742541c38468bd3f68f84979dd5b395b136a
- SSDEEP
  
  24576:T4JMDRy3iWOdqZjdV5vQukdLAk+C4j6tqYsbMGYq+OiDnQArGC11W84UQBrPatc8:ToMDY/kL+ClNtn
Score

10^/10

quasar target spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Drops file in Drivers directory
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasartargetspywaretrojan

© 2018-2024

Terms | Privacy