quasar | 1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303 | Triage

Submit
Reports

Overview

overview

Static

static

3

1928b93e3d...03.exe

windows7-x64

3

1928b93e3d...03.exe

windows10-2004-x64

Sharing

General

Target

1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303
Size

246KB
Sample

240522-xs4ceadb89
MD5

7a414a0203557d6985035ed07a9c87d2
SHA1

698b4ee59982ce8f7a0a1ce728919d1e8ba24232
SHA256

1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303
SHA512

4abd06163c4694234746eb2af5f8cf54020ec48cfab4e67c81452165edc983d766c6272793c576a6dbd58ee28af5368e0d3fcdd04caed574f95347e6f4cb15ef
SSDEEP

384:cJrnR3yXmco3AFqZoQhTxHNuqjR/Kr+kx/1lo9s5O6INx9y0MGP/IJdEgbmB+l9m:SKynsnbDFOx9y0hLpKP3D+EWr

Score

10^/10

quasar dic_24_2022 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303.exe

Resource

win7-20240215-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303.exe

Resource

win10v2004-20240426-en

quasar dic_24_2022 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

DIC_24_2022

C2

pvt4s.duckdns.org:5965

Mutex

QSR_MUTEX_0mtJom6P2Bzihbyysy

Attributes

encryption_key
YiIxVMW4LUWDLhxi5GCQ
install_name
Client.exe
log_directory
Logs888
reconnect_delay
3000
startup_key
qss
subdirectory
SubDir

Targets

- Target
  
  1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303
- Size
  
  246KB
- MD5
  
  7a414a0203557d6985035ed07a9c87d2
- SHA1
  
  698b4ee59982ce8f7a0a1ce728919d1e8ba24232
- SHA256
  
  1928b93e3d7d30a0e8c2f6ef17b6333f79a3ee628ede60c41b1885f74e7f3303
- SHA512
  
  4abd06163c4694234746eb2af5f8cf54020ec48cfab4e67c81452165edc983d766c6272793c576a6dbd58ee28af5368e0d3fcdd04caed574f95347e6f4cb15ef
- SSDEEP
  
  384:cJrnR3yXmco3AFqZoQhTxHNuqjR/Kr+kx/1lo9s5O6INx9y0MGP/IJdEgbmB+l9m:SKynsnbDFOx9y0hLpKP3D+EWr
Score

10^/10

quasar dic_24_2022 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables containing common artifacts observed in infostealers
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

quasardic_24_2022spywaretrojan

© 2018-2024

Terms | Privacy