quasar | 13079ae40df645092364c579428e27f18e76060be24300284458daaee56210d1 | Triage

Submit
Reports

Overview

overview

Static

static

1

Loader.bat

windows11-21h2-x64

Sharing

General

Target

Loader.bat
Size

586KB
Sample

240607-we464sbe9y
MD5

30efee247e7c04f823c46e89192ea291
SHA1

bdd750191bd9a8ebea65512d73fde8849be28a2a
SHA256

13079ae40df645092364c579428e27f18e76060be24300284458daaee56210d1
SHA512

87e83b62f4504ca64d5219736b5094f40396f2bcaa365f9ee2b78a83a8081fa634199ff3dcd3c35b43c2974fa1e1b5e48893031f47e4d2063224be9c5b9d55a4
SSDEEP

12288:wXkI0ImO8CwY9uL83MxAU65F5o5KgNVWoUYbR:wXkI0ImO8CwO6FAVYHf

Score

10^/10

quasar zer0spy execution spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Loader.bat

Resource

win11-20240426-en

quasar zer0spy execution spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Zer0Spy

C2

runderscore00-61208.portmap.host:61208

Mutex

QSR_MUTEX_9vwtyaiSuBr8jzh6yA

Attributes

encryption_key
MGPKlHKpBvRDnGpfn0IX
install_name
$phantom-powershell.exe
log_directory
$phantom-Logs
reconnect_delay
3000
startup_key
Windows PowerShell
subdirectory
$phantom-zer0spy2

Targets

- Target
  
  Loader.bat
- Size
  
  586KB
- MD5
  
  30efee247e7c04f823c46e89192ea291
- SHA1
  
  bdd750191bd9a8ebea65512d73fde8849be28a2a
- SHA256
  
  13079ae40df645092364c579428e27f18e76060be24300284458daaee56210d1
- SHA512
  
  87e83b62f4504ca64d5219736b5094f40396f2bcaa365f9ee2b78a83a8081fa634199ff3dcd3c35b43c2974fa1e1b5e48893031f47e4d2063224be9c5b9d55a4
- SSDEEP
  
  12288:wXkI0ImO8CwY9uL83MxAU65F5o5KgNVWoUYbR:wXkI0ImO8CwO6FAVYHf
Score

10^/10

quasar zer0spy execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarzer0spyexecutionspywaretrojan

© 2018-2024

Terms | Privacy