quasar | bba5ce847c62bb82236b5c5e9469f24d7f8f3d605bfaf4b5c5901b4fad1b84ac | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-2004-x64

Resubmissions

14-06-2024 07:31

240614-jcvtfatfqp 10

14-06-2024 07:26

240614-h92gtateqq 10

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240614-h92gtateqq
MD5

7f113430d45982dd16a92095a0734593
SHA1

7c054a7e0ded31b23b94f59159b47df5e37135dd
SHA256

bba5ce847c62bb82236b5c5e9469f24d7f8f3d605bfaf4b5c5901b4fad1b84ac
SHA512

c17264d90431123207abd10998c4f8e068a7fcba7ab9763952741c52eccd80791bc48e2a053eec51499d9c2ae8a7f454f9ab74b0970fc219c57dd49a244753a1
SSDEEP

49152:/vblL26AaNeWgPhlmVqvMQ7XSKGH4ooGdtOTHHB72eh2NT:/vBL26AaNeWgPhlmVqkQ7XSKGHT

Score

10^/10

quasar triage spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10v2004-20240508-en

quasar triage spyware trojan

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

triage

C2

daongochuy.ddns.net:5899

192.168.1.70:5899

Mutex

f780d9fa-685c-409a-be9a-662a1160ec3e

Attributes

encryption_key
DA58166FE3472BA10368FA5F4736C40EA43CDD81
install_name
winrmt.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Device Manager
subdirectory
WindowsManager

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  7f113430d45982dd16a92095a0734593
- SHA1
  
  7c054a7e0ded31b23b94f59159b47df5e37135dd
- SHA256
  
  bba5ce847c62bb82236b5c5e9469f24d7f8f3d605bfaf4b5c5901b4fad1b84ac
- SHA512
  
  c17264d90431123207abd10998c4f8e068a7fcba7ab9763952741c52eccd80791bc48e2a053eec51499d9c2ae8a7f454f9ab74b0970fc219c57dd49a244753a1
- SSDEEP
  
  49152:/vblL26AaNeWgPhlmVqvMQ7XSKGH4ooGdtOTHHB72eh2NT:/vBL26AaNeWgPhlmVqkQ7XSKGHT
Score

10^/10

quasar triage spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasartriagespywaretrojan

© 2018-2024

Terms | Privacy