quasar | hxxps://gofile[.]io/d/AUisLq

General

Target

https://gofile.io/d/AUisLq
Sample

240522-s6rhjsgb9t

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Zeno Executor 1

C2

192.168.1.11:1337

127.0.0.1:1337

90.240.254.189:1337

Mutex

1d47472a-e6f7-439b-ab91-dae8851d4186

Attributes

encryption_key
A760B7C4D8C29C1D6DFD20A6DC61EFD58C5CC452
install_name
ZN-Security.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ZN-Security
subdirectory
Security

Targets

- Target
  
  https://gofile.io/d/AUisLq
Score

10^/10

quasar zeno executor 1 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1