quasar | bce1a795abd87b0db2ea2577de28ade5f46d275e47f0424fbcd728684f939c0b | Triage

Submit
Reports

Overview

overview

Static

static

1

Discord-Im...er.bat

windows11-21h2-x64

Discord-Im...er.bat

macos-10.15-amd64

4

Sharing

General

Target

Discord-Image-Logger.bat
Size

14.9MB
Sample

240613-ahymvawglb
MD5

922173bce190a729a7541904e53ffba5
SHA1

d98240a8deb45581eb15e1ec4d5238f914bee80d
SHA256

bce1a795abd87b0db2ea2577de28ade5f46d275e47f0424fbcd728684f939c0b
SHA512

1b4cad22fe047018dc95825b7faaa21b0b0936f1de85886abbf5ca85b59d5fab8da35921758df62fe614e5473b664e6000a95218615bfbd41938149a07e81f5f
SSDEEP

49152:hx3AG5hYogP5o/nsX9xf0HFVpg0bozDhNr2IhX25cDX591URFiVmjGrEcg9FKdzt:g

Score

10^/10

quasar evasion execution macos spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Discord-Image-Logger.bat

Resource

win11-20240611-en

quasar execution spyware trojan

windows11-21h2-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

Discord-Image-Logger.bat

Resource

macos-20240611-en

macos-10.15-amd64

1 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
1000

Targets

- Target
  
  Discord-Image-Logger.bat
- Size
  
  14.9MB
- MD5
  
  922173bce190a729a7541904e53ffba5
- SHA1
  
  d98240a8deb45581eb15e1ec4d5238f914bee80d
- SHA256
  
  bce1a795abd87b0db2ea2577de28ade5f46d275e47f0424fbcd728684f939c0b
- SHA512
  
  1b4cad22fe047018dc95825b7faaa21b0b0936f1de85886abbf5ca85b59d5fab8da35921758df62fe614e5473b664e6000a95218615bfbd41938149a07e81f5f
- SSDEEP
  
  49152:hx3AG5hYogP5o/nsX9xf0HFVpg0bozDhNr2IhX25cDX591URFiVmjGrEcg9FKdzt:g
Score

10^/10

quasar execution spyware trojan evasion
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Deletes itself
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Resource Forking

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarexecutionspywaretrojan

behavioral2

© 2018-2024

Terms | Privacy