General

  • Target: Release.rar
  • Size: 5.5MB
  • Sample: 240614-z8t5sawfpf
  • MD5: 7b8e8ca680a22517465ae9a695adf66b
  • SHA1: 4d659e7dbdcdc45802687ab7520aeef0512febf4
  • SHA256: 6b517b4c93d1e289ea050f303ff87dcdd1e92068932ffdbbccc7744563a926bc
  • SHA512: 1052adc99b359e128e597c5cfdc49292992d337c6af14daf71559da95ac995ff46d5e0277253dcab9874b4f2420a5c0f5f1e9395ae21a2dc825afd7724aa243d
  • SSDEEP: 98304:Y7FjWqgFLlk/k4lZAhgRnX0LrcNbXtwn4lZAhgx/Lluq324RxvxiGjRuBnfHhgj/:Rqgrk/5lZAsnX0HSrq4lZAM/Lluq3DRb

Malware Config

Extracted

Family: quasar

Attributes
  • reconnect_delay: 5000

Extracted

Family: quasar

Version: 1.4.2

Botnet: Testing

C2: 127.0.0.1:4782

Mutex: da53512e-6c73-406a-b1ee-fcfefff35b99

Attributes
  • encryption_key: 4B317113B678FE9A27AFEB228E60516202859C8D
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Targets

    • Target: Release/net452/Phantom.exe
    • Size: 2.4MB
    • MD5: 202ec2331dcac692d6320290232d7069
    • SHA1: eddc7d1c887c0d88489ba8b9ee19ee9613b954ea
    • SHA256: 4e3a9f64d49663a32cc3310444e5ea9c849f701cac04e5712c61cc89df3db9a2
    • SHA512: 74aeabd56861974738fc65b40edccb7cb17abf06b9d33ac3939ab3679c3f4e0fd7c438e058b661806533a969551045bbd9d45eae5b0132b3e2129af7fb344e29
    • SSDEEP: 49152:UrVIm7P/GorI174u+z0RSe85gt52Wuw+W7SCRuJ:YhP/GorIdt0gt5TRr
    • Quasar RAT: Quasar is an open source Remote Access Tool.
    • Quasar payload
    • Executes dropped EXE
