quasar | fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa | Triage

Submit
Reports

Overview

overview

Static

static

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
Size

348KB
Sample

240606-wd77dahe2s
MD5

fdee5aaea30d1a49dbcdc04ac7b82bf8
SHA1

b3ae176ea254e1f4c1eca52e1336b6ec48eed623
SHA256

fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
SHA512

21ce2507d379613e463c1bec8297f81f11fa4bf98cc5c4618ece3b6c548575b4c645696d315356f13fd8b2f34a856d18b8af94014df87e7a91a94a7d87cc9b8c
SSDEEP

6144:KzNHXf500M+xMMxnHRb/e7OZuNpWiZpjXu:0d50AMMV9e6ZWDZpjXu

Score

10^/10

quasar pc da escola spyware trojan

Static task

static1

pc da escola quasar

3 signatures

Behavioral task

behavioral1

Sample

fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa.exe

Resource

win10v2004-20240426-en

quasar pc da escola spyware trojan

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa.exe

Resource

win11-20240508-en

quasar pc da escola spyware trojan

windows11-21h2-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

pc da escola

C2

179.98.34.150:7777

Mutex

QSR_MUTEX_PElJTa6xx7XbLNJTpx

Attributes

encryption_key
l9FCBP3JKJkND0t2dtN5
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
- Size
  
  348KB
- MD5
  
  fdee5aaea30d1a49dbcdc04ac7b82bf8
- SHA1
  
  b3ae176ea254e1f4c1eca52e1336b6ec48eed623
- SHA256
  
  fc7080374a71ac64af26b8b449e3dc4dcb4690c23a46e8ded9fde871f61f53aa
- SHA512
  
  21ce2507d379613e463c1bec8297f81f11fa4bf98cc5c4618ece3b6c548575b4c645696d315356f13fd8b2f34a856d18b8af94014df87e7a91a94a7d87cc9b8c
- SSDEEP
  
  6144:KzNHXf500M+xMMxnHRb/e7OZuNpWiZpjXu:0d50AMMV9e6ZWDZpjXu
Score

10^/10

quasar pc da escola spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

pc da escolaquasar

behavioral1

quasarpc da escolaspywaretrojan

behavioral2

quasarpc da escolaspywaretrojan

© 2018-2024

Terms | Privacy