quasar | 8860dd0f1793f1585f0862dad7c6c1aad2f6f20352620ffbd85acbec37274e65 | Triage

Submit
Reports

Overview

overview

Static

static

3

6f0e102a9b...18.exe

windows7-x64

6f0e102a9b...18.exe

windows10-2004-x64

Sharing

General

Target

6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118
Size

844KB
Sample

240524-tdy8csbf26
MD5

6f0e102a9b5a459f182e5b0501ab2315
SHA1

f121b12f1ee6d672ff1a44eb88fe4669ff8f308c
SHA256

8860dd0f1793f1585f0862dad7c6c1aad2f6f20352620ffbd85acbec37274e65
SHA512

773fae77ebf65ae8c44cfd122047c693b2da95af5456a4e9f72bbc85e17fabc37200e96fc793c30dee871048769501fe9b01bbf4b338a515cc5fd526316c5047
SSDEEP

24576:aSW6SIhZbWsv+6szFB8hxe9KXGIY2rT9UmViIGS/SJOqLc9:a9aMfHD9KXd7rTWC/MOqLc9

Score

10^/10

quasar qua2 spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118.exe

Resource

win7-20240419-en

quasar qua2 spyware trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118.exe

Resource

win10v2004-20240508-en

quasar qua2 spyware trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

qua2

C2

79.134.225.77:1973

Mutex

QSR_MUTEX_rVn0OUE8f1tzJgSd1f

Attributes

encryption_key
lOSR71Cu22ACEpzOi042
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  6f0e102a9b5a459f182e5b0501ab2315_JaffaCakes118
- Size
  
  844KB
- MD5
  
  6f0e102a9b5a459f182e5b0501ab2315
- SHA1
  
  f121b12f1ee6d672ff1a44eb88fe4669ff8f308c
- SHA256
  
  8860dd0f1793f1585f0862dad7c6c1aad2f6f20352620ffbd85acbec37274e65
- SHA512
  
  773fae77ebf65ae8c44cfd122047c693b2da95af5456a4e9f72bbc85e17fabc37200e96fc793c30dee871048769501fe9b01bbf4b338a515cc5fd526316c5047
- SSDEEP
  
  24576:aSW6SIhZbWsv+6szFB8hxe9KXGIY2rT9UmViIGS/SJOqLc9:a9aMfHD9KXd7rTWC/MOqLc9
Score

10^/10

quasar qua2 spyware trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarqua2spywaretrojanupx

behavioral2

quasarqua2spywaretrojanupx

© 2018-2024

Terms | Privacy