quasar | 7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31 | Triage

Submit
Reports

Overview

overview

Static

static

7402de5390...31.exe

windows7-x64

7402de5390...31.exe

windows10-2004-x64

Sharing

General

Target

7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31.exe
Size

3.1MB
Sample

240612-xycrmszgpm
MD5

cded3e935b1541f8e930f07e8829f551
SHA1

e7fc4bc9525e5b04b6877ed362ecfcec83fa2d8c
SHA256

7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31
SHA512

dd979da2ee725fcdb49a094617fd8e41a283f3dbd809fd939c009ff5609a29e0042be7c6d92cf30c1219b0a9d56ee406a865d1e32ef5b56fdc1f3580bce83d05
SSDEEP

49152:rvSI22SsaNYfdPBldt698dBcjHPCbm9mz6yoGdBTHHB72eh2NT:rv/22SsaNYfdPBldt6+dBcjHabmw

Score

10^/10

quasar vcruntime140 spyware trojan

Static task

static1

vcruntime140 quasar

3 signatures

Behavioral task

behavioral1

Sample

7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31.exe

Resource

win7-20240611-en

quasar vcruntime140 spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31.exe

Resource

win10v2004-20240508-en

quasar vcruntime140 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

vcruntime140

C2

192.168.178.57:4782

Mutex

b358e7e9-0f3b-4d47-8e56-2ccc087705cb

Attributes

encryption_key
B1736A0DDBD7AF739BB0E3FE61B51CEFF7F8DDB3
install_name
vcruntime140.exe
log_directory
Logs
reconnect_delay
3000
startup_key
vcruntime140
subdirectory
SubDir

Targets

- Target
  
  7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31.exe
- Size
  
  3.1MB
- MD5
  
  cded3e935b1541f8e930f07e8829f551
- SHA1
  
  e7fc4bc9525e5b04b6877ed362ecfcec83fa2d8c
- SHA256
  
  7402de539089b009b82d0d643d7b78234c792407d18ab99fd68de78493dede31
- SHA512
  
  dd979da2ee725fcdb49a094617fd8e41a283f3dbd809fd939c009ff5609a29e0042be7c6d92cf30c1219b0a9d56ee406a865d1e32ef5b56fdc1f3580bce83d05
- SSDEEP
  
  49152:rvSI22SsaNYfdPBldt698dBcjHPCbm9mz6yoGdBTHHB72eh2NT:rv/22SsaNYfdPBldt6+dBcjHabmw
Score

10^/10

quasar vcruntime140 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

vcruntime140quasar

behavioral1

quasarvcruntime140spywaretrojan

behavioral2

quasarvcruntime140spywaretrojan

© 2018-2024

Terms | Privacy