quasar | 918a07427a6aa97d1f0480a654547fcaf7185228c6bc41d88b19dd740cf4d036 | Triage

Sharing

General

Target

RuthlessBAT.bat
Size

1.7MB
Sample

240519-n1mvysga75
MD5

a86b86c2e7182356c6149674ddc26848
SHA1

322292824444ca6a442f881498baac17506eea34
SHA256

918a07427a6aa97d1f0480a654547fcaf7185228c6bc41d88b19dd740cf4d036
SHA512

2111dd5b4b2ab69980ec8b8a851c2ca29aa97a14585535ff2af1b70432f741126578db5f6c50f8cd3623a7f6a27a8fb4ef8275a536b67415abba24dec7f5e3a9
SSDEEP

24576:2b0CZMqoDtzIt2Ipwh+o4w8VV3fgRihOuReKlOX1+ZfHR9QaAHfimfoK6+nZq:2PcY2lMtYXQZg2

Score

10^/10

quasar slave execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.0.0

Botnet

SLAVE

C2

193.34.77.188:6969

Mutex

709ae576-840d-4df5-9c14-3fb7e062cf25

Attributes

encryption_key
8B3D2D2549599D0ED109F63D47FFC788BAA34A06
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Ruthless Client Startup
subdirectory
SubDir

Targets

- Target
  
  RuthlessBAT.bat
- Size
  
  1.7MB
- MD5
  
  a86b86c2e7182356c6149674ddc26848
- SHA1
  
  322292824444ca6a442f881498baac17506eea34
- SHA256
  
  918a07427a6aa97d1f0480a654547fcaf7185228c6bc41d88b19dd740cf4d036
- SHA512
  
  2111dd5b4b2ab69980ec8b8a851c2ca29aa97a14585535ff2af1b70432f741126578db5f6c50f8cd3623a7f6a27a8fb4ef8275a536b67415abba24dec7f5e3a9
- SSDEEP
  
  24576:2b0CZMqoDtzIt2Ipwh+o4w8VV3fgRihOuReKlOX1+ZfHR9QaAHfimfoK6+nZq:2PcY2lMtYXQZg2
Score

10^/10

quasar slave execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarslaveexecutionspywaretrojan