quasar | 4e85fc6b1d7119195b46633bd051c65074eebf181d8f9cd142ecc0e7a9bcc3b8

Sharing

Copy URL

Twitter E-mail

General

Target

4e85fc6b1d7119195b46633bd051c65074eebf181d8f9cd142ecc0e7a9bcc3b8.zip
Size

1.2MB
Sample

240619-bptsxa1cpf
MD5

56819905506b605b88d2e6513c91bc25
SHA1

f64b5b5cdb72eabd3ba9ddcd3fbfa2a7211caa6c
SHA256

4e85fc6b1d7119195b46633bd051c65074eebf181d8f9cd142ecc0e7a9bcc3b8
SHA512

6119b9e1d88ce5b1b3158626b3ba5848fa133fc271798057f4404600bd8313efd7462b85be54fd661a859ae0a79449d1c19962edfb4b857fe7a7ceade55d249c
SSDEEP

24576:rcBRbNL4fPXUkIl3dxjG6077tJ/qcZA6eUBkaCZTF8OyKBK/Q+sWk1muMvGh/JIY:rcBYfPEBltAZccZA6jka+9yKBK4+7XuD

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ApexV1

174.175.46.53:1048

Mutex

c8ba5d8f-6f83-4ae3-ae6c-d1a644d2c509

Attributes

encryption_key
B0ABE169C55CFD4C2E8310DB36202EAF0E98D48D
install_name
Client.exe
log_directory
Logs
reconnect_delay
1500
startup_key
Windows Updater Service
subdirectory
SubDir

Targets

- Target
  
  Apex-ghostware-apex-hacks/EasyAntiCheatBypass.exe
- Size
  
  3.1MB
- MD5
  
  ec96a4363e4cdbe515e295b1a2ecc86a
- SHA1
  
  e531ec27d5b1e8fc8fb28d53abbe2f32feca8f25
- SHA256
  
  6536e7f196e43cf1b92ebc7f84f99747ffa397c9f749918e5c03b75390e06a79
- SHA512
  
  6fd76d39f5509132f729258da8a7fc3a557d82976c583a3e8789342d5382b6a58d793ac3ee7504293c97aa2b6e3776d7403d8a0680e76d980f4d179fcb81213e
- SSDEEP
  
  98304:zvp22SsaNYfdPBldt6+dBcjHvgRJ66Z3:7S7jmv
Score

10^/10

quasar apexv1 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Apex-ghostware-apex-hacks/Gma.System.MouseKeyHook.dll
- Size
  
  56KB
- MD5
  
  bfb3bd1cb571360435100bfa6ed2b997
- SHA1
  
  1325e8dd76180a165117e04da4ee4a020e996880
- SHA256
  
  a67a424013544c8270c12633e2e1e287cd5cf0b3f2e81e8d8204b37a03da59ef
- SHA512
  
  ae5a88a9e86b9e64b8c289213f814586dfa5fe5e0cc21bdbc3e48c36d81fa9e763c6e78f24e40df07696228270ad72f408846125e61e33cae867ef8ff88a3c15
- SSDEEP
  
  768:qYnDJGdu2oE3d7ltSl+Y8sCcm8Doi/L0CPw87qquEZ+r3FhuiFJ8G:VncoU48/AzPwYpNZ6rXJ8G
Score

1^/10
behavioral3 behavioral4
- Target
  
  Apex-ghostware-apex-hacks/Loader(OPENME).bat
- Size
  
  1KB
- MD5
  
  a1fe9e32a87b9d3f76da7e7bdb5474a7
- SHA1
  
  091b20dfe88c0211406e8844346d8c187aea32aa
- SHA256
  
  8942b7d45fd6a4e163280586cc50eb39612aad9880777c7f3945c347d79b30e2
- SHA512
  
  f536b8cad043c210a7ac3da3eeb31afe2d7ce1c0f978a17726da5eb6c294b72d4ca169361f045edcc070189d8fac5cc16a152a7c756bb8dcc59cb19e570e3f23
Score

1^/10
behavioral5 behavioral6
- Target
  
  Apex-ghostware-apex-hacks/ghostware.dll
- Size
  
  87KB
- MD5
  
  6d5eb860c2be5dbeb470e7d3f3e7dda4
- SHA1
  
  80c76660b87c52127b1a7da48e27700f75362041
- SHA256
  
  447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4
- SHA512
  
  64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5
- SSDEEP
  
  1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Detects Windows executables referencing non-Windows User-Agents

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8