quasar | fe831f43955da5cacbdf9eb8331cb62907141cb0f566b53e5a5f222fe30ee78c | Triage

Submit
Reports

Overview

overview

Static

static

1

uni.bat

windows10-2004-x64

Sharing

General

Target

uni.bat
Size

15.5MB
Sample

240528-q5dh7ahb29
MD5

180cabfef9e517bf8a30eaf917fb06ca
SHA1

d47987045a7f1888b9a2a8c0159b5bd2c9d79274
SHA256

fe831f43955da5cacbdf9eb8331cb62907141cb0f566b53e5a5f222fe30ee78c
SHA512

91fed14301919d6a0514dd843e6ffaae07fc538199644f4c9033a3ef717a65974ba940ae6646fd4289c614138adbd385b3706169b1754cd8d5b9ef04891f91bb
SSDEEP

49152:mcIdr0nn+8BsYSVa+P+J0XCCeRWpsKlP7k7o6SwofCLl7w+i2+SpQf86Gtpek1GI:1

Score

10^/10

quasar execution spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

uni.bat

Resource

win10v2004-20240426-en

quasar execution spyware trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  uni.bat
- Size
  
  15.5MB
- MD5
  
  180cabfef9e517bf8a30eaf917fb06ca
- SHA1
  
  d47987045a7f1888b9a2a8c0159b5bd2c9d79274
- SHA256
  
  fe831f43955da5cacbdf9eb8331cb62907141cb0f566b53e5a5f222fe30ee78c
- SHA512
  
  91fed14301919d6a0514dd843e6ffaae07fc538199644f4c9033a3ef717a65974ba940ae6646fd4289c614138adbd385b3706169b1754cd8d5b9ef04891f91bb
- SSDEEP
  
  49152:mcIdr0nn+8BsYSVa+P+J0XCCeRWpsKlP7k7o6SwofCLl7w+i2+SpQf86Gtpek1GI:1
Score

10^/10

quasar execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarexecutionspywaretrojan

© 2018-2024

Terms | Privacy