quasar | 947ecae6beac19b2fe2154f68940462655843cd5f36db14c0ab0b57cff623138 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-1703-x64

Client-built.exe

windows10-2004-x64

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

348KB
Sample

240601-tzee3sgf3s
MD5

0b7139d2d35eb6fb4638ec14b469df7e
SHA1

5b3644a8be1e3ef885b5809b857142295ed2a4d1
SHA256

947ecae6beac19b2fe2154f68940462655843cd5f36db14c0ab0b57cff623138
SHA512

84ae5d2017f268a1249ab1346de9ebda1ab41621b790ecd24cc75df95e9d8415720395b022d4f367819eda642b19a42f31bf50b87a4d980237471b6dcb1041c9
SSDEEP

6144:0jEHwNHJsa2gKMRQDbRFunXCpsIqlfoF:Cxpsa8W6uXC3qRO

Score

10^/10

quasar deadly spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10-20240404-en

quasar deadly spyware trojan

windows10-1703-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240426-en

quasar deadly spyware trojan

windows10-2004-x64

8 signatures

300 seconds

Behavioral task

behavioral3

Sample

Client-built.exe

Resource

win11-20240419-en

quasar deadly spyware trojan

windows11-21h2-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Deadly

C2

uk2.localto.net:3955

Mutex

QSR_MUTEX_Kpy5UOokQcRvJFzawH

Attributes

encryption_key
42mkSeUsHVtyogVkUtuz
install_name
$dead-Client.exe
log_directory
$dead-Logs
reconnect_delay
3000
startup_key
Powershell
subdirectory
$dead-deadly2

Targets

- Target
  
  Client-built.exe
- Size
  
  348KB
- MD5
  
  0b7139d2d35eb6fb4638ec14b469df7e
- SHA1
  
  5b3644a8be1e3ef885b5809b857142295ed2a4d1
- SHA256
  
  947ecae6beac19b2fe2154f68940462655843cd5f36db14c0ab0b57cff623138
- SHA512
  
  84ae5d2017f268a1249ab1346de9ebda1ab41621b790ecd24cc75df95e9d8415720395b022d4f367819eda642b19a42f31bf50b87a4d980237471b6dcb1041c9
- SSDEEP
  
  6144:0jEHwNHJsa2gKMRQDbRFunXCpsIqlfoF:Cxpsa8W6uXC3qRO
Score

10^/10

quasar deadly spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasardeadlyspywaretrojan

behavioral2

quasardeadlyspywaretrojan

behavioral3

quasardeadlyspywaretrojan

© 2018-2024

Terms | Privacy