quasar | 2ecdc9e5b6d087b75bd4d1b25ffc881fd89f28bb423a1e2cd45b81b555b995f0 | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240617-1752bswfjf
MD5

0af49dc9eb6cd83a0219907fdfa2c0aa
SHA1

57b44eb48c5b4ca8761d74491586989a293e10e6
SHA256

2ecdc9e5b6d087b75bd4d1b25ffc881fd89f28bb423a1e2cd45b81b555b995f0
SHA512

03211a9a7f0ba926a30e74ae97412f457c280414bbc8d8a1749bf603e1a7ce5aa5a7635b8af416cd2d7ce9cf557734a940e115914e91acae6dd22c33e6a02b86
SSDEEP

49152:HvOlL26AaNeWgPhlmVqvMQ7XSK50GCaroeoGdXcTHHB72eh2NT:Hv+L26AaNeWgPhlmVqkQ7XSKuGr

Score

10^/10

quasar eyewalled spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Eyewalled

C2

147.185.221.18:18043

147.185.221.18:1358

Mutex

348940a4-40db-4d79-9103-0f7d01523a5f

Attributes

encryption_key
DF93BFF0E78CC9BB874112E9F60DEDC5B7B04CB5
install_name
Client.exe
log_directory
Logs
reconnect_delay
3001
startup_key
Quasar Client Startup
subdirectory
Management

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  0af49dc9eb6cd83a0219907fdfa2c0aa
- SHA1
  
  57b44eb48c5b4ca8761d74491586989a293e10e6
- SHA256
  
  2ecdc9e5b6d087b75bd4d1b25ffc881fd89f28bb423a1e2cd45b81b555b995f0
- SHA512
  
  03211a9a7f0ba926a30e74ae97412f457c280414bbc8d8a1749bf603e1a7ce5aa5a7635b8af416cd2d7ce9cf557734a940e115914e91acae6dd22c33e6a02b86
- SSDEEP
  
  49152:HvOlL26AaNeWgPhlmVqvMQ7XSK50GCaroeoGdXcTHHB72eh2NT:Hv+L26AaNeWgPhlmVqkQ7XSKuGr
Score

10^/10

quasar eyewalled spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

eyewalledquasar

behavioral1

quasareyewalledspywaretrojan

behavioral2

quasareyewalledspywaretrojan