quasar | fae3ed9b66f0e1fc27bdd6605dd3fd0600ff4291971d850f61cd0696c4ed9926 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

API_Connector.bat

windows11-21h2-x64

Sharing

General

Target

API_Connector.bat
Size

586KB
Sample

240610-scd1cszfph
MD5

54b83bd573c13cd414255d487f47b770
SHA1

f35b29215c9039af7294b1e9db7977447f380cbe
SHA256

fae3ed9b66f0e1fc27bdd6605dd3fd0600ff4291971d850f61cd0696c4ed9926
SHA512

8c607148b7e001d5ea9efb048cebf3fc78238f333cc09c368078f77b0d0fcf4ac22a5594bd7417515ee4ea73e7943fb1e47232e9caac6e3e74caa3313c89f6d9
SSDEEP

12288:LiR+aj62WqH39ttfD1KhLZ6azySThfOwppoCQ/gcOhKrYFuuZUDGO0:mQt2WwxGJtvpOt/owriUDt0

Score

10^/10

quasar slave execution spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

API_Connector.bat

Resource

win11-20240508-en

quasar slave execution spyware trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Slave

C2

runderscore00-61208.portmap.host:61208

Mutex

QSR_MUTEX_cq1PvE2FSZsrtLytho

Attributes

encryption_key
5vXgZSbIpHJzAn3ZrosQ
install_name
$phantom-powershell.exe
log_directory
$phantom-Logs
reconnect_delay
3000
startup_key
Powershell
subdirectory
$phantom-zero

Targets

- Target
  
  API_Connector.bat
- Size
  
  586KB
- MD5
  
  54b83bd573c13cd414255d487f47b770
- SHA1
  
  f35b29215c9039af7294b1e9db7977447f380cbe
- SHA256
  
  fae3ed9b66f0e1fc27bdd6605dd3fd0600ff4291971d850f61cd0696c4ed9926
- SHA512
  
  8c607148b7e001d5ea9efb048cebf3fc78238f333cc09c368078f77b0d0fcf4ac22a5594bd7417515ee4ea73e7943fb1e47232e9caac6e3e74caa3313c89f6d9
- SSDEEP
  
  12288:LiR+aj62WqH39ttfD1KhLZ6azySThfOwppoCQ/gcOhKrYFuuZUDGO0:mQt2WwxGJtvpOt/owriUDt0
Score

10^/10

quasar slave execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarslaveexecutionspywaretrojan

© 2018-2025

Terms | Privacy