quasar | 481b39bb7007c144c10d04a4140e1d36336385263181729e76b8bf5e0c2e0baf | Triage

Submit
Reports

Overview

overview

Static

static

3

9fbfd7ce3f...18.exe

windows7-x64

9fbfd7ce3f...18.exe

windows10-2004-x64

Sharing

General

Target

9fbfd7ce3ffb3404b94e71ad2e7603cf_JaffaCakes118
Size

20.0MB
Sample

240611-2dy7csthqp
MD5

9fbfd7ce3ffb3404b94e71ad2e7603cf
SHA1

9cfa549224406cf65681b28082c2084fc8e90293
SHA256

481b39bb7007c144c10d04a4140e1d36336385263181729e76b8bf5e0c2e0baf
SHA512

3c977390fa7e825e002017a7f62e7204a5f7a01353dbde022e28325edacd1270d37a1aeae52693092e499e4adf1c2f28ddbd2a7720ed934e76928cfa03dd5135
SSDEEP

393216:Grmy6Y46FFQ3ZlvbPM0OiH9B2hrX+wWR5Ce2OvZU4YieuqVYmgXHTtGVTL:Grms1eNgzaeh7xQkOvJYi0V1gXHgVTL

Score

10^/10

quasar spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9fbfd7ce3ffb3404b94e71ad2e7603cf_JaffaCakes118.exe

Resource

win7-20240221-en

quasar spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9fbfd7ce3ffb3404b94e71ad2e7603cf_JaffaCakes118.exe

Resource

win10v2004-20240226-en

quasar spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  9fbfd7ce3ffb3404b94e71ad2e7603cf_JaffaCakes118
- Size
  
  20.0MB
- MD5
  
  9fbfd7ce3ffb3404b94e71ad2e7603cf
- SHA1
  
  9cfa549224406cf65681b28082c2084fc8e90293
- SHA256
  
  481b39bb7007c144c10d04a4140e1d36336385263181729e76b8bf5e0c2e0baf
- SHA512
  
  3c977390fa7e825e002017a7f62e7204a5f7a01353dbde022e28325edacd1270d37a1aeae52693092e499e4adf1c2f28ddbd2a7720ed934e76928cfa03dd5135
- SSDEEP
  
  393216:Grmy6Y46FFQ3ZlvbPM0OiH9B2hrX+wWR5Ce2OvZU4YieuqVYmgXHTtGVTL:Grms1eNgzaeh7xQkOvJYi0V1gXHgVTL
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarspywaretrojan

behavioral2

quasarspywaretrojan

© 2018-2024

Terms | Privacy