quasar | 6d4a4d03e1313c9934ba3223e408ba1c18d4e00efc4205e229e10468b5b6d327 | Triage

Submit
Reports

Overview

overview

Static

static

1

text.txt

windows7-x64

Resubmissions

02-11-2024 04:50

241102-fgf93axpav 10

Sharing

General

Target

text.txt
Size

103B
Sample

241102-fgf93axpav
MD5

181acbc86809adb53c626c41f110232b
SHA1

fc964fbf9653e17776b0772810f13667f1d08ca2
SHA256

6d4a4d03e1313c9934ba3223e408ba1c18d4e00efc4205e229e10468b5b6d327
SHA512

6c5c9daa0c022b9de83ff49058d531ff3904f974253a435a3be35b9c307f2f2b9f4894818065cf700ad169ab836cafc66f8bb385bd7d9dd0c6eddb526e2ef018

Score

10^/10

quasar vtroy discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

text.txt

Resource

win7-20240903-en

quasar vtroy discovery spyware trojan

windows7-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

VTROY

C2

31.13.224.12:61512

31.13.224.13:61513

Mutex

QSR_MUTEX_4Q2rJqiVyC7hohzbjx

Attributes

encryption_key
7Vp2dMCHrMjJthQ2Elyy
install_name
downloads.exe
log_directory
Logs
reconnect_delay
5000
startup_key
cssrse.exe
subdirectory
downloadupdates

Targets

- Target
  
  text.txt
- Size
  
  103B
- MD5
  
  181acbc86809adb53c626c41f110232b
- SHA1
  
  fc964fbf9653e17776b0772810f13667f1d08ca2
- SHA256
  
  6d4a4d03e1313c9934ba3223e408ba1c18d4e00efc4205e229e10468b5b6d327
- SHA512
  
  6c5c9daa0c022b9de83ff49058d531ff3904f974253a435a3be35b9c307f2f2b9f4894818065cf700ad169ab836cafc66f8bb385bd7d9dd0c6eddb526e2ef018
Score

10^/10

quasar vtroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvtroydiscoveryspywaretrojan

© 2018-2024

Terms | Privacy