quasar | e37a2e844d1e25a064d475442d514b020e9950c465beee965df45f4e0f445c60 | Triage

Submit
Reports

Overview

overview

Static

static

CraxsRat 3.9.2.rar

windows10-1703-x64

CraxsRat 3.9.2.rar

windows7-x64

3

CraxsRat 3.9.2.rar

windows10-2004-x64

3

CraxsRat 3.9.2.rar

windows11-21h2-x64

3

Sharing

General

Target

CraxsRat 3.9.2.rar
Size

335.5MB
Sample

240525-p6157sch7s
MD5

ea8c95aec54968aa5358790411e37e6d
SHA1

05510fea19888a114801a160ba7771229b2afb71
SHA256

e37a2e844d1e25a064d475442d514b020e9950c465beee965df45f4e0f445c60
SHA512

1f30339aa05641746c102d5810a21c6633eae3966d3802d4d44090edc3f51cc9b9d917ddcd5688a537a8d714d37f37bc5293fcf15f250de93536576edca17436
SSDEEP

6291456:/9vuWlbABKecinWAsHQcwSsMykkRm0yP8SkyykkRm0yP8SkO:/9G4sKo0HvwSvd78Cd78W

Score

10^/10

quasar hacked by craxsrat spyware trojan upx

Static task

static1

upx hacked by craxsrat quasar

4 signatures

Behavioral task

behavioral1

Sample

CraxsRat 3.9.2.rar

Resource

win10-20240404-en

quasar hacked by craxsrat spyware trojan upx

windows10-1703-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

CraxsRat 3.9.2.rar

Resource

win7-20240508-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

CraxsRat 3.9.2.rar

Resource

win10v2004-20240426-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

CraxsRat 3.9.2.rar

Resource

win11-20240508-en

windows11-21h2-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Hacked by CraxsRat

C2

hack4money.myftp.org:10067

Mutex

6b9b4d43-c223-49a2-9050-e462f566915f

Attributes

encryption_key
99DFDADE8D77070B46DB1CB1E60163A871819F59
install_name
SearchApp.exe
log_directory
Logs
reconnect_delay
30000
startup_key
Windows Product Key Sucessfully Activated
subdirectory
System

Targets

- Target
  
  CraxsRat 3.9.2.rar
- Size
  
  335.5MB
- MD5
  
  ea8c95aec54968aa5358790411e37e6d
- SHA1
  
  05510fea19888a114801a160ba7771229b2afb71
- SHA256
  
  e37a2e844d1e25a064d475442d514b020e9950c465beee965df45f4e0f445c60
- SHA512
  
  1f30339aa05641746c102d5810a21c6633eae3966d3802d4d44090edc3f51cc9b9d917ddcd5688a537a8d714d37f37bc5293fcf15f250de93536576edca17436
- SSDEEP
  
  6291456:/9vuWlbABKecinWAsHQcwSsMykkRm0yP8SkyykkRm0yP8SkO:/9G4sKo0HvwSvd78Cd78W
Score

10^/10

quasar hacked by craxsrat spyware trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxhacked by craxsratquasar

behavioral1

quasarhacked by craxsratspywaretrojanupx

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy