quasar | 5eef436f510c0d49d022b096d0717b75cf35e93917dbb5c632c83bf66d4cbb16 | Triage

Submit
Reports

Overview

overview

Static

static

Uni.exe

windows11-21h2-x64

Sharing

General

Target

Uni.exe
Size

409KB
Sample

240519-hjbhpsfa57
MD5

885cfc4fc32053f0dc1cb8dbf50b8c7c
SHA1

9ea9a3529c159ace497a8bf2af5364004a019ba8
SHA256

5eef436f510c0d49d022b096d0717b75cf35e93917dbb5c632c83bf66d4cbb16
SHA512

2052781f4e56d8db075040d0bc0638be8a529bbdcfe765025ee5351c045ce8a570283c83bbee7f94aac3c913f0e5ba841e9a14a6a3349a097d59ff0c1b2d6f95
SSDEEP

6144:kMg2pJAJcC0B6gMBZ5T/cw+/Ew2azbs69yS79RII2ir7dO1sR:TpyJcC+7MBZ5T/O/ESxySBV2i3g1sR

Score

10^/10

quasar seroxen spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Uni.exe

Resource

win11-20240508-en

quasar seroxen spyware trojan

windows11-21h2-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

C2

releases-towards.gl.at.ply.gg:56527

Mutex

$Sxr-rpL8EItHN3pqIQQVy2

Attributes

encryption_key
hmoGJBcviPbEpJOEXtE4
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SeroXen
subdirectory
SubDir

Targets

- Target
  
  Uni.exe
- Size
  
  409KB
- MD5
  
  885cfc4fc32053f0dc1cb8dbf50b8c7c
- SHA1
  
  9ea9a3529c159ace497a8bf2af5364004a019ba8
- SHA256
  
  5eef436f510c0d49d022b096d0717b75cf35e93917dbb5c632c83bf66d4cbb16
- SHA512
  
  2052781f4e56d8db075040d0bc0638be8a529bbdcfe765025ee5351c045ce8a570283c83bbee7f94aac3c913f0e5ba841e9a14a6a3349a097d59ff0c1b2d6f95
- SSDEEP
  
  6144:kMg2pJAJcC0B6gMBZ5T/cw+/Ew2azbs69yS79RII2ir7dO1sR:TpyJcC+7MBZ5T/O/ESxySBV2i3g1sR
Score

10^/10

quasar seroxen spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarseroxenspywaretrojan

© 2018-2024

Terms | Privacy