quasar | a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35 | Triage

Sharing

General

Target

a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35.exe
Size

773KB
Sample

241102-n5e1xasrct
MD5

8fb841a089ce2c1c760ef67e5bde9a08
SHA1

9ba26c8f25a276a87175ae9eac909a8f4d97fd71
SHA256

a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35
SHA512

a16739df2c02ea5e2116e1f2283a0f57d0a57e52431fa746c3334df20fbb4e96db6d1c4c5ed47cb92cb491afcd170794a0b31bde1180cff13caaaa9be59aa8e4
SSDEEP

24576:yoYAPo8TjClMteQB+JRVK7Ys4r7eTBp7cE7qzuS:yJFQjI9m+c7FpBZ7Iu

Score

10^/10

quasar vtroy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

VTROY

C2

31.13.224.12:61512

31.13.224.13:61513

Mutex

QSR_MUTEX_4Q2rJqiVyC7hohzbjx

Attributes

encryption_key
7Vp2dMCHrMjJthQ2Elyy
install_name
downloads.exe
log_directory
Logs
reconnect_delay
5000
startup_key
cssrse.exe
subdirectory
downloadupdates

Targets

- Target
  
  a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35.exe
- Size
  
  773KB
- MD5
  
  8fb841a089ce2c1c760ef67e5bde9a08
- SHA1
  
  9ba26c8f25a276a87175ae9eac909a8f4d97fd71
- SHA256
  
  a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35
- SHA512
  
  a16739df2c02ea5e2116e1f2283a0f57d0a57e52431fa746c3334df20fbb4e96db6d1c4c5ed47cb92cb491afcd170794a0b31bde1180cff13caaaa9be59aa8e4
- SSDEEP
  
  24576:yoYAPo8TjClMteQB+JRVK7Ys4r7eTBp7cE7qzuS:yJFQjI9m+c7FpBZ7Iu
Score

10^/10

quasar vtroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvtroydiscoveryspywaretrojan

behavioral2

quasarvtroydiscoveryspywaretrojan