quasar | f8310b9b5ae9c3f90b01d84c8022b6fdd7bbd29ba56a600d948be6eff75d426f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Neo.bat
Size

272KB
Sample

240629-acemsawbla
MD5

c674b29c2da91c60f4221b2e87fe8c15
SHA1

3b79cb45ace0ddfedf1fa6f1b012321d830bf94f
SHA256

f8310b9b5ae9c3f90b01d84c8022b6fdd7bbd29ba56a600d948be6eff75d426f
SHA512

4f1c04ca8e4b0a2fd42a548245f49170ec65857098ac0f9bcebb96e10e19423f3a1c361c0ef0e5b9b1578d481342edcaca71c7a5846d1cd803db4868705dbb1b
SSDEEP

6144:PX3bTXRS0eSuT+pRHttyzLOh8cU/rzckvlfFPtoqNwRUo:fPBmSuWXtyziacUDzNfPtoUC

Score

10^/10

quasar slave execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.1.0

Botnet

Slave

C2

runderscore00-42512.portmap.io:42512

Mutex

QSR_MUTEX_aYgVTolyJfnSo2kPQj

Attributes

encryption_key
PK7SpR1WESSqHBwmTfVi
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Neo.bat
- Size
  
  272KB
- MD5
  
  c674b29c2da91c60f4221b2e87fe8c15
- SHA1
  
  3b79cb45ace0ddfedf1fa6f1b012321d830bf94f
- SHA256
  
  f8310b9b5ae9c3f90b01d84c8022b6fdd7bbd29ba56a600d948be6eff75d426f
- SHA512
  
  4f1c04ca8e4b0a2fd42a548245f49170ec65857098ac0f9bcebb96e10e19423f3a1c361c0ef0e5b9b1578d481342edcaca71c7a5846d1cd803db4868705dbb1b
- SSDEEP
  
  6144:PX3bTXRS0eSuT+pRHttyzLOh8cU/rzckvlfFPtoqNwRUo:fPBmSuWXtyziacUDzNfPtoUC
Score

10^/10

quasar slave execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarslaveexecutionspywaretrojan

behavioral2

quasarslaveexecutionspywaretrojan

behavioral3

quasarslaveexecutionspywaretrojan