quasar | 489d79372f4dd063454ee6345567b4cc799262ccbc28ac56ccde8ab8376bdb4f | Triage

Submit
Reports

Overview

overview

Static

static

6e0afb3139...18.exe

windows7-x64

6e0afb3139...18.exe

windows10-2004-x64

Sharing

General

Target

6e0afb3139f4a822fb8e62492fbff4f4_JaffaCakes118
Size

348KB
Sample

240524-lfq1rscf23
MD5

6e0afb3139f4a822fb8e62492fbff4f4
SHA1

8acc07d47261f85b951beae1318e8a06ee5b1e62
SHA256

489d79372f4dd063454ee6345567b4cc799262ccbc28ac56ccde8ab8376bdb4f
SHA512

6ea362c2c8f7d4a3ac22cde95e2680e102f36e775cc6dadabbd3d71912c7c0e5034426c78c55261b5910512b7a54273edc9b04c872516f001dc2cb03f68f5393
SSDEEP

6144:ocNHXf500MoE0y0AsNibhU7Z2eCwKlJ8zVefSuDi:Nd50N0yIWUpCll6VefRDi

Score

10^/10

quasar monero1 spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6e0afb3139f4a822fb8e62492fbff4f4_JaffaCakes118.exe

Resource

win7-20240220-en

quasar monero1 spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6e0afb3139f4a822fb8e62492fbff4f4_JaffaCakes118.exe

Resource

win10v2004-20240426-en

quasar monero1 spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Monero1

C2

75.139.0.160:9871

108.72.117.71:9871

Mutex

QSR_MUTEX_SjYNYmwyMIEGFFUXAW

Attributes

encryption_key
lGV9pIlTiS49bFQmGvYu
install_name
Quas2.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Monero2
subdirectory
quasr2

Targets

- Target
  
  6e0afb3139f4a822fb8e62492fbff4f4_JaffaCakes118
- Size
  
  348KB
- MD5
  
  6e0afb3139f4a822fb8e62492fbff4f4
- SHA1
  
  8acc07d47261f85b951beae1318e8a06ee5b1e62
- SHA256
  
  489d79372f4dd063454ee6345567b4cc799262ccbc28ac56ccde8ab8376bdb4f
- SHA512
  
  6ea362c2c8f7d4a3ac22cde95e2680e102f36e775cc6dadabbd3d71912c7c0e5034426c78c55261b5910512b7a54273edc9b04c872516f001dc2cb03f68f5393
- SSDEEP
  
  6144:ocNHXf500MoE0y0AsNibhU7Z2eCwKlJ8zVefSuDi:Nd50N0yIWUpCll6VefRDi
Score

10^/10

quasar monero1 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarmonero1spywaretrojan

behavioral2

quasarmonero1spywaretrojan

© 2018-2024

Terms | Privacy