quasar | ec73d7962ff8f5ca2ef83d10104fa49d26fd60476b2b3afc6e2c681e665cf678 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built4.exe

windows10-2004-x64

Sharing

General

Target

Client-built4.exe
Size

3.1MB
Sample

240602-cmd54sfd2y
MD5

aadefab57f8d258196fb7defe775da05
SHA1

c547b196d15e134e36e941eb31fac7664418b7ed
SHA256

ec73d7962ff8f5ca2ef83d10104fa49d26fd60476b2b3afc6e2c681e665cf678
SHA512

e4ad1ec0ed8cc4d5cbc55f8996c0741b920836ed67a810d5446e42c7a96a189b3ce80e2dbea6ce3bb55b84f499e9d08cf4247edad67055b2725d9bd51d455dcf
SSDEEP

49152:fv+lL26AaNeWgPhlmVqvMQ7XSKdC/1J/LoGdlL8nTHHB72eh2NT:fvuL26AaNeWgPhlmVqkQ7XSKdCjN

Score

10^/10

quasar dusan spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built4.exe

Resource

win10v2004-20240508-en

quasar dusan spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

dusan

C2

192.168.178.20:4782

192.168.1.9:4782

Mutex

ded81f24-0e54-4985-a1fb-e180db45c27d

Attributes

encryption_key
A81486939BB2FAD2A02EAF76B26242A2A9C6D91B
install_name
katani.exe
log_directory
Log
reconnect_delay
3000
startup_key
hacked by katani :)
subdirectory
download

Targets

- Target
  
  Client-built4.exe
- Size
  
  3.1MB
- MD5
  
  aadefab57f8d258196fb7defe775da05
- SHA1
  
  c547b196d15e134e36e941eb31fac7664418b7ed
- SHA256
  
  ec73d7962ff8f5ca2ef83d10104fa49d26fd60476b2b3afc6e2c681e665cf678
- SHA512
  
  e4ad1ec0ed8cc4d5cbc55f8996c0741b920836ed67a810d5446e42c7a96a189b3ce80e2dbea6ce3bb55b84f499e9d08cf4247edad67055b2725d9bd51d455dcf
- SSDEEP
  
  49152:fv+lL26AaNeWgPhlmVqvMQ7XSKdC/1J/LoGdlL8nTHHB72eh2NT:fvuL26AaNeWgPhlmVqkQ7XSKdCjN
Score

10^/10

quasar dusan spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasardusanspywaretrojan

© 2018-2024

Terms | Privacy