quasar | 38defd519e3b007e7590a2dc8101f356806b1f1cdcdba3eccfa0afc46b2f8577 | Triage

Sharing

General

Target

Uni.bat
Size

511KB
Sample

240530-md891aeb2s
MD5

9fb9372aca1d8d842589419264c8ae62
SHA1

9313414673f343c9bb14939c6c14697dcdfc1aa0
SHA256

38defd519e3b007e7590a2dc8101f356806b1f1cdcdba3eccfa0afc46b2f8577
SHA512

10b935a27946dd4e4ff22b42782e141d22471f90fe086c6874e783a341066f0b54be8fdcbc7c7df21d96565ed0d7b00afd91bd59ac8c37613579decb0fb84618
SSDEEP

12288:/JXwTLWKJYuv1T5jgKND/v+Tz5Wgv2qwAbMdusp/cq:/JKj5jgKdW5WgOqwAYxh

Score

10^/10

quasar seroxen execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

C2

panel-slave.gl.at.ply.gg:57059

panel-slave.gl.at.ply.gg:27892

Mutex

$Sxr-rpL8EItHN3pqIQQVy2

Attributes

encryption_key
PXEHWy52mqnqS2Hd39SK
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SeroXen
subdirectory
SubDir

Targets

- Target
  
  Uni.bat
- Size
  
  511KB
- MD5
  
  9fb9372aca1d8d842589419264c8ae62
- SHA1
  
  9313414673f343c9bb14939c6c14697dcdfc1aa0
- SHA256
  
  38defd519e3b007e7590a2dc8101f356806b1f1cdcdba3eccfa0afc46b2f8577
- SHA512
  
  10b935a27946dd4e4ff22b42782e141d22471f90fe086c6874e783a341066f0b54be8fdcbc7c7df21d96565ed0d7b00afd91bd59ac8c37613579decb0fb84618
- SSDEEP
  
  12288:/JXwTLWKJYuv1T5jgKND/v+Tz5Wgv2qwAbMdusp/cq:/JKj5jgKdW5WgOqwAYxh
Score

10^/10

execution quasar seroxen spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarseroxenexecutionspywaretrojan