quasar | b53ae247bae6ac6ee53bf0c2a53ab4a98f3e0f26234e7a886a7e5db1d7ff2685 | Triage

Submit
Reports

Overview

overview

Static

static

5cb393129c...18.exe

windows7-x64

5cb393129c...18.exe

windows10-2004-x64

Sharing

General

Target

5cb393129c64579c40c710393d5cf0b3_JaffaCakes118
Size

349KB
Sample

240520-cvcbgsfh5s
MD5

5cb393129c64579c40c710393d5cf0b3
SHA1

ed055afba02e96d01846aea13dd33fa356c457e6
SHA256

b53ae247bae6ac6ee53bf0c2a53ab4a98f3e0f26234e7a886a7e5db1d7ff2685
SHA512

e306a5ddc0b60dc24853d888f1bacee7c359ac043cd3d8e36eb5a8e5caa457549585cf16050084689cb2018a420a082f9f68f4c1f8ddf894eaf1b6339152a826
SSDEEP

6144:uK2J10qdSlEc39HGWQfSdwl/CKidLDLNbFTUIhO9Ivbi0Z:uKFD3wl6KidLDHQIQ9IDi0Z

Score

10^/10

quasar desktop spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

5cb393129c64579c40c710393d5cf0b3_JaffaCakes118.exe

Resource

win7-20240215-en

quasar desktop spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5cb393129c64579c40c710393d5cf0b3_JaffaCakes118.exe

Resource

win10v2004-20240508-en

quasar desktop spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

DESKTOP

C2

192.168.0.4:4782

127.0.0.1:4782

78.236.157.250:25565

Mutex

QSR_MUTEX_1ghurBw7SYWm4hcoxp

Attributes

encryption_key
q0AJ45H6UJPXERK0E6ML
install_name
System Auto Update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System Auto Update
subdirectory
SubDir

Targets

- Target
  
  5cb393129c64579c40c710393d5cf0b3_JaffaCakes118
- Size
  
  349KB
- MD5
  
  5cb393129c64579c40c710393d5cf0b3
- SHA1
  
  ed055afba02e96d01846aea13dd33fa356c457e6
- SHA256
  
  b53ae247bae6ac6ee53bf0c2a53ab4a98f3e0f26234e7a886a7e5db1d7ff2685
- SHA512
  
  e306a5ddc0b60dc24853d888f1bacee7c359ac043cd3d8e36eb5a8e5caa457549585cf16050084689cb2018a420a082f9f68f4c1f8ddf894eaf1b6339152a826
- SSDEEP
  
  6144:uK2J10qdSlEc39HGWQfSdwl/CKidLDLNbFTUIhO9Ivbi0Z:uKFD3wl6KidLDHQIQ9IDi0Z
Score

10^/10

quasar desktop spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasardesktopspywaretrojan

behavioral2

quasardesktopspywaretrojan

© 2018-2024

Terms | Privacy