quasar | 1e0819a321e43f692e6f2bb08c153ac62b2ae2cbbfb3a1ac7806d55ca3b54df9 | Triage

Sharing

General

Target

SC.cmd
Size

1.9MB
Sample

241003-p2cl2s1fqf
MD5

df146ae56b040ce90f1c879a8282a03e
SHA1

2e6024ad1883b72057dbaf5eaa2ea84656a443cf
SHA256

1e0819a321e43f692e6f2bb08c153ac62b2ae2cbbfb3a1ac7806d55ca3b54df9
SHA512

fbec78d95389a2649b86ab8d452af51ab5414e73b5e371838d8e11e85f49573d2452eb97d6790b2bcdb32d9015e30e2396d9570c962c45eeed67351df622ea08
SSDEEP

24576:TKLGeNfzqE3gY/noO0Bq8JvRMiUOCYUsQJQTUVXLbsPYmgaF+qbAmMNN0DCDYEpE:b2dGqkqgv+uS6B5R

Score

10^/10

quasar solana execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

solana

C2

azure-winsecure.com:7000

Mutex

223694e0-c20b-492e-8b54-5934c96afd76

Attributes

encryption_key
17CE40DD961A56228B8201AD691A6B8B2B149755
install_name
Client.exe
log_directory
windowskeys
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  SC.cmd
- Size
  
  1.9MB
- MD5
  
  df146ae56b040ce90f1c879a8282a03e
- SHA1
  
  2e6024ad1883b72057dbaf5eaa2ea84656a443cf
- SHA256
  
  1e0819a321e43f692e6f2bb08c153ac62b2ae2cbbfb3a1ac7806d55ca3b54df9
- SHA512
  
  fbec78d95389a2649b86ab8d452af51ab5414e73b5e371838d8e11e85f49573d2452eb97d6790b2bcdb32d9015e30e2396d9570c962c45eeed67351df622ea08
- SSDEEP
  
  24576:TKLGeNfzqE3gY/noO0Bq8JvRMiUOCYUsQJQTUVXLbsPYmgaF+qbAmMNN0DCDYEpE:b2dGqkqgv+uS6B5R
Score

10^/10

execution quasar solana spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarsolanaexecutionspywaretrojan