General
Target: 95ac49ea8ca4c65c807bdd666ce103b3c37ba995e8bab38d705ddacb88f50305.exe
Size: 1.3MB
Sample: 240530-brpxqshd3z
MD5: 96b4cf51bebab4887e19e4130ba179a8
SHA1: 4366099721910192416f6df074659750fbd32d70
SHA256: 95ac49ea8ca4c65c807bdd666ce103b3c37ba995e8bab38d705ddacb88f50305
SHA512: bd7498feeda13f37f06cc020b1ae373464994fa7de87666d7fe378f07d1d73dc67517546d2c0300be8e89ddaa6b4be67ad7130e59a19ebb63bba781539f210b3
SSDEEP: 24576:mOyKHIdpTrwV7PF+hJZZYnm/d7u1o1Uwtl4CHvPos0Fl11Aapp+QX4:kKHerwV7PFqJZZem/Ru1YJrHHos0Fl34
Static task
static1
Malware Config
Extracted
quasar
1.4.1
Office04
bin-inspections.gl.at.ply.gg:64055
536deaa9-57d2-448a-ae01-b604426d7fa6
encryption_key: DBB529B3F56F6D23695F8D7AC9BA28484A0D6D0F
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Quasar payload
Detects Windows executables referencing non-Windows User-Agents
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables containing common artifacts observed in infostealers
Blocklisted process makes network request
Adds Run key to start application