quasar | cf1f9aa93af680a196f52f46de82e37adf6bc7be50018d3ca3b38d6ff16df2d4

Resubmissions

14/10/2024, 20:23

241014-y6cbhsydjn 10

14/10/2024, 20:20

241014-y4k6msyclj 10

14/10/2024, 20:16

241014-y184asyarp 10

14/10/2024, 20:08

241014-ywzztsxgpp 10

Sharing

Copy URL Twitter E-mail

General

Target

Client-built.exe
Size

3.1MB
Sample

241014-y4k6msyclj
MD5

58b8b37869465016462b7b14b86d2bb8
SHA1

b5d31e9f8691153b7716c8b5e40211556a7c5710
SHA256

cf1f9aa93af680a196f52f46de82e37adf6bc7be50018d3ca3b38d6ff16df2d4
SHA512

9dc86b3c7a924f86108a0e013ce5859cbc9c60fc61e601378d5f4bca8d593919ccabca336b14205fd696e7b7801eff1f330a342684e488fbf43a951f8ee06b56
SSDEEP

49152:AvcI22SsaNYfdPBldt698dBcjHVGR16dbR3toGd3THHB72eh2NT:AvR22SsaNYfdPBldt6+dBcjHVGR16J

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Traige

Alessandrolol66-30592.portmap.host:30592

Mutex

45bdc82f-bdfb-446e-af9c-d0a46e53752d

Attributes

encryption_key
B11D992865826F9FDFE1488DBCF3B1031C9ED9CB
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows.Sys
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  58b8b37869465016462b7b14b86d2bb8
- SHA1
  
  b5d31e9f8691153b7716c8b5e40211556a7c5710
- SHA256
  
  cf1f9aa93af680a196f52f46de82e37adf6bc7be50018d3ca3b38d6ff16df2d4
- SHA512
  
  9dc86b3c7a924f86108a0e013ce5859cbc9c60fc61e601378d5f4bca8d593919ccabca336b14205fd696e7b7801eff1f330a342684e488fbf43a951f8ee06b56
- SSDEEP
  
  49152:AvcI22SsaNYfdPBldt698dBcjHVGR16dbR3toGd3THHB72eh2NT:AvR22SsaNYfdPBldt6+dBcjHVGR16J
Score

10^/10

quasar traige spyware stealer trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Executes dropped EXE

Reads WinSCP keys stored on the system

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3