quasar | 47f06153275d1f01d1d7410eb5917aead5a79660be5da59bf51f31698343c357 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-1703-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

405KB
Sample

240614-25grdszdrg
MD5

0c84b58a5322284269f3b86e648e1fc8
SHA1

6776c3963a64a3ace4caaff164669364356f72aa
SHA256

47f06153275d1f01d1d7410eb5917aead5a79660be5da59bf51f31698343c357
SHA512

02bc07552096f2b052e064ed2941cde5b70058066b614fa7374dbf7aa2177458a22d9746181b8f88e3468b252adf7e1aa1518ed9085ed78af5b736a02fa297d7
SSDEEP

6144:yphjZx5jbx+DgrQo2fVH/i96bpjWprW5hthvo5lDzWEi5HFkgDVc:kjrZbaVfi6SGfel/WnHxDVc

Score

10^/10

quasar school spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10-20240404-en

quasar school spyware trojan

windows10-1703-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240611-en

quasar school spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

School

C2

runderscore00-37568.portmap.host:37568

Mutex

QSR_MUTEX_BNyj3AdZ8NIXACv5S5

Attributes

encryption_key
G3FFg7Ec2ieFqaQw5SZ2
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  405KB
- MD5
  
  0c84b58a5322284269f3b86e648e1fc8
- SHA1
  
  6776c3963a64a3ace4caaff164669364356f72aa
- SHA256
  
  47f06153275d1f01d1d7410eb5917aead5a79660be5da59bf51f31698343c357
- SHA512
  
  02bc07552096f2b052e064ed2941cde5b70058066b614fa7374dbf7aa2177458a22d9746181b8f88e3468b252adf7e1aa1518ed9085ed78af5b736a02fa297d7
- SSDEEP
  
  6144:yphjZx5jbx+DgrQo2fVH/i96bpjWprW5hthvo5lDzWEi5HFkgDVc:kjrZbaVfi6SGfel/WnHxDVc
Score

10^/10

quasar school spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarschoolspywaretrojan

behavioral2

quasarschoolspywaretrojan

© 2018-2025

Terms | Privacy