quasar | b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd | Triage

Submit
Reports

Overview

overview

Static

static

b923f25375...fd.exe

windows7-x64

b923f25375...fd.exe

windows10-2004-x64

Sharing

General

Target

b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd
Size

539KB
Sample

240527-ceernscc5z
MD5

c05d4bfb1c0e89db58fa981980938b76
SHA1

12801b26c7b68224c8540ad08ad9387110d0fd46
SHA256

b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd
SHA512

926f6d48a44b7b56667e5b74dc3f7cff513f6ae02edd07df0ca2e5bc21690e5cdef77213307d8595a9a4127b582f5fc50aab0b97350e08b7486c33e4ada651c5
SSDEEP

12288:unm5pMGjw5LSk0zWbzGsoYFAY7NvlDmmM:um5GGjw5LSk0zWbzRoYbvlSH

Score

10^/10

quasar controlhost spyware trojan

Static task

static1

controlhost quasar

4 signatures

Behavioral task

behavioral1

Sample

b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd.exe

Resource

win7-20240508-en

quasar controlhost spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd.exe

Resource

win10v2004-20240508-en

quasar controlhost spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Controlhost

C2

121.43.158.106:4782

yc01h.11ychos.xyz:4782

Mutex

QSR_MUTEX_GFWuzMTNQOijYUKopR

Attributes

encryption_key
Xym3BhtshKCyrit7obQT8XbWGz4i7Yw4
install_name
Controlhost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Controlhost
subdirectory
Controlhost

Targets

- Target
  
  b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd
- Size
  
  539KB
- MD5
  
  c05d4bfb1c0e89db58fa981980938b76
- SHA1
  
  12801b26c7b68224c8540ad08ad9387110d0fd46
- SHA256
  
  b923f253757397be0e1b86c92a0854d0eef612fcc3c99fd5be8f96e309d8d5fd
- SHA512
  
  926f6d48a44b7b56667e5b74dc3f7cff513f6ae02edd07df0ca2e5bc21690e5cdef77213307d8595a9a4127b582f5fc50aab0b97350e08b7486c33e4ada651c5
- SSDEEP
  
  12288:unm5pMGjw5LSk0zWbzGsoYFAY7NvlDmmM:um5GGjw5LSk0zWbzRoYbvlSH
Score

10^/10

quasar controlhost spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables containing common artifacts observed in infostealers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

controlhostquasar

behavioral1

quasarcontrolhostspywaretrojan

behavioral2

quasarcontrolhostspywaretrojan

© 2018-2024

Terms | Privacy