quasar | b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d | Triage

Submit
Reports

Overview

overview

Static

static

95823524c5...18.exe

windows7-x64

95823524c5...18.exe

windows10-2004-x64

Sharing

General

Target

95823524c56268909001597a81a398d5_JaffaCakes118
Size

531KB
Sample

240604-twh9vscf8z
MD5

95823524c56268909001597a81a398d5
SHA1

f732527a57d11a9dd57b4b093144c60ffa38a173
SHA256

b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d
SHA512

75cf3848026d3d1589115471b3bacd96a378c36cc6991c51f292590998a2ed4df58fe0a0139cb34d1d9722a18c5f14af52f7412f57c67275f73062da1747449f
SSDEEP

6144:stlrXYao3Rvn9dYQ0kQiwwVoab4UYJI+OWjE:OpXvQ0kQF96Y6+xg

Score

10^/10

quasar usr spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

95823524c56268909001597a81a398d5_JaffaCakes118.exe

Resource

win7-20240419-en

quasar usr spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

95823524c56268909001597a81a398d5_JaffaCakes118.exe

Resource

win10v2004-20240508-en

quasar usr spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

USR

C2

pv8stresser.xyz:45201

Mutex

yzyrfG0e0ojtGuJLLm

Attributes

encryption_key
0PxbjHekumnMpxMDOLOWYxcgvcGzNRtp
install_name
Client.exe
log_directory
Mozilla
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  95823524c56268909001597a81a398d5_JaffaCakes118
- Size
  
  531KB
- MD5
  
  95823524c56268909001597a81a398d5
- SHA1
  
  f732527a57d11a9dd57b4b093144c60ffa38a173
- SHA256
  
  b42d3f4823819c1b7119774c52f89e62bfb6fec506e3530e681cf0ce0bc5557d
- SHA512
  
  75cf3848026d3d1589115471b3bacd96a378c36cc6991c51f292590998a2ed4df58fe0a0139cb34d1d9722a18c5f14af52f7412f57c67275f73062da1747449f
- SSDEEP
  
  6144:stlrXYao3Rvn9dYQ0kQiwwVoab4UYJI+OWjE:OpXvQ0kQF96Y6+xg
Score

10^/10

quasar usr spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarusrspywaretrojan

behavioral2

quasarusrspywaretrojan

© 2018-2024

Terms | Privacy