quasar | f1ebb419ee0133174b64a7668c750f87367970971daaffdf1f85328c4875d9e6 | Triage

Sharing

General

Target

5vFnUTA.bat
Size

33.8MB
Sample

240609-v1trtsch5y
MD5

7360d5c5787795efddb21ead0a7b087a
SHA1

261a0079e595fbf4203d4314d29e233d8a0ef9fc
SHA256

f1ebb419ee0133174b64a7668c750f87367970971daaffdf1f85328c4875d9e6
SHA512

9be6997a3fae5bc97c997c46bae8985606527e91430fb4c145119fdfd97d8daa83523e9fa2cd40ce3486c231dcedbd4a4159c2f645b1746998ab2419aa262d14
SSDEEP

12288:PiR+aj62WqH39ttfD1KhLZ6azySThfOwppoCQ/gcOhKrYFuuZUDGO0:aQt2WwxGJtvpOt/owriUDt0

Score

10^/10

quasar slave execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Slave

C2

runderscore00-61208.portmap.host:61208

Mutex

QSR_MUTEX_cq1PvE2FSZsrtLytho

Attributes

encryption_key
5vXgZSbIpHJzAn3ZrosQ
install_name
$phantom-powershell.exe
log_directory
$phantom-Logs
reconnect_delay
3000
startup_key
Powershell
subdirectory
$phantom-zero

Targets

- Target
  
  5vFnUTA.bat
- Size
  
  33.8MB
- MD5
  
  7360d5c5787795efddb21ead0a7b087a
- SHA1
  
  261a0079e595fbf4203d4314d29e233d8a0ef9fc
- SHA256
  
  f1ebb419ee0133174b64a7668c750f87367970971daaffdf1f85328c4875d9e6
- SHA512
  
  9be6997a3fae5bc97c997c46bae8985606527e91430fb4c145119fdfd97d8daa83523e9fa2cd40ce3486c231dcedbd4a4159c2f645b1746998ab2419aa262d14
- SSDEEP
  
  12288:PiR+aj62WqH39ttfD1KhLZ6azySThfOwppoCQ/gcOhKrYFuuZUDGO0:aQt2WwxGJtvpOt/owriUDt0
Score

10^/10

quasar slave execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarslaveexecutionspywaretrojan