quasar | 1dc08cd07a32da62aba3f31a61c0f906a2bb96f488178db94dd644e14da2189a | Triage

Submit
Reports

Overview

overview

Static

static

Fortnite.exe

windows7-x64

1

Fortnite.exe

windows10-2004-x64

Sharing

General

Target

Fortnite.exe
Size

3.8MB
Sample

240609-b6c7gsbg4y
MD5

f19ebdbf52c63a6a26cde5d21c923c32
SHA1

c5db469697a3fdee465f253b91a369e3af396387
SHA256

1dc08cd07a32da62aba3f31a61c0f906a2bb96f488178db94dd644e14da2189a
SHA512

84b354d95bac0d33b31b61911cb3727e825a1ac770e1d2431eb9f77f5af6901dcb252aae8d193b40d48475d026c87cc048cd681374d5dc704aea14a3d63f81d5
SSDEEP

49152:etVo+axKEpde1nlj0qxOidcA4LQnmA+cfjm+OIJC541yygYWW+sUfuNtyza32ehx:hdA08OidcA4LWZ+cfjm+OIJC541yy1T

Score

10^/10

quasar doner spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Fortnite.exe

Resource

win7-20231129-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fortnite.exe

Resource

win10v2004-20240508-en

quasar doner spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Doner

C2

hoposor.duckdns.org:1337

Mutex

79f4ba01-bd36-4d61-8b7e-4a107fd86bae

Attributes

encryption_key
528DA30969D512D5DC441B49DE14E59515A0FCBD
install_name
Proton.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Proton VPN
subdirectory
Proton

Targets

- Target
  
  Fortnite.exe
- Size
  
  3.8MB
- MD5
  
  f19ebdbf52c63a6a26cde5d21c923c32
- SHA1
  
  c5db469697a3fdee465f253b91a369e3af396387
- SHA256
  
  1dc08cd07a32da62aba3f31a61c0f906a2bb96f488178db94dd644e14da2189a
- SHA512
  
  84b354d95bac0d33b31b61911cb3727e825a1ac770e1d2431eb9f77f5af6901dcb252aae8d193b40d48475d026c87cc048cd681374d5dc704aea14a3d63f81d5
- SSDEEP
  
  49152:etVo+axKEpde1nlj0qxOidcA4LQnmA+cfjm+OIJC541yygYWW+sUfuNtyza32ehx:hdA08OidcA4LWZ+cfjm+OIJC541yy1T
Score

10^/10

quasar doner spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

quasardonerspywaretrojan

© 2018-2024

Terms | Privacy