quasar | bf14edf87a349754e8499a8d62ccb7a3e3c4d2dd9670bbff873da64c4a5b6c94 | Triage

Submit
Reports

Overview

overview

Static

static

ImageLogge....0.exe

windows11-21h2-x64

Sharing

General

Target

ImageLoggerBuilder2.0.exe
Size

502KB
Sample

240612-gq169sselb
MD5

2231da4dd03ea8cc9fddbf3c1a3878f6
SHA1

f79ab1952634a33ca4461dd417023f7e6464ab91
SHA256

bf14edf87a349754e8499a8d62ccb7a3e3c4d2dd9670bbff873da64c4a5b6c94
SHA512

0ee5f632b5dd1b87296a7cf0e39de239c9076b4c8a7fcdfb6bb72f16d1567255dd61b5ae7c4dbe213c02ee6642bfee8495d39f780b505f575e9b5ad45a3e05e8
SSDEEP

12288:MTEgdfYVbg9s4i1W4+ywISpg4TWsvhcd6:xUwu9OiywISp1fvhcd6

Score

10^/10

quasar hehe spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ImageLoggerBuilder2.0.exe

Resource

win11-20240508-en

quasar hehe spyware trojan

windows11-21h2-x64

9 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

hehe

C2

73.52.222.40 :4782

Mutex

ba70c709-92c0-42ee-bf3b-441570bf5f72

Attributes

encryption_key
A60992F07B65EB8CCDDFC57F7BEFF66D9891B154
install_name
ImageLogger11.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Startup
subdirectory
SubDir

Targets

- Target
  
  ImageLoggerBuilder2.0.exe
- Size
  
  502KB
- MD5
  
  2231da4dd03ea8cc9fddbf3c1a3878f6
- SHA1
  
  f79ab1952634a33ca4461dd417023f7e6464ab91
- SHA256
  
  bf14edf87a349754e8499a8d62ccb7a3e3c4d2dd9670bbff873da64c4a5b6c94
- SHA512
  
  0ee5f632b5dd1b87296a7cf0e39de239c9076b4c8a7fcdfb6bb72f16d1567255dd61b5ae7c4dbe213c02ee6642bfee8495d39f780b505f575e9b5ad45a3e05e8
- SSDEEP
  
  12288:MTEgdfYVbg9s4i1W4+ywISpg4TWsvhcd6:xUwu9OiywISp1fvhcd6
Score

10^/10

quasar hehe spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarhehespywaretrojan

© 2018-2024

Terms | Privacy