quasar | 18ef1073b11b6020393e588a9e799695fdf9431d78bdf82ceb9b071a84439282 | Triage

Submit
Reports

Overview

overview

Static

static

3

3500bbffeb...40.exe

windows7-x64

3500bbffeb...40.exe

windows10-2004-x64

Sharing

General

Target

344f6de65a483ad7a020969700d09d72.bin
Size

3.6MB
Sample

241103-bg9jdstlfm
MD5

fb1d63bfbbc1eb5270da9dcf12ebd70e
SHA1

1b6b5caff773a726b3478fb1d4860d56c6038a9e
SHA256

18ef1073b11b6020393e588a9e799695fdf9431d78bdf82ceb9b071a84439282
SHA512

c78d1db4dcb792acabcba5da20f2abd1fd319790e6fd39a61d6d6d5c19e2f14f97ebe2b8e24022a896f161573de1a439632f8a63485bad73dc0f2d993b21e605
SSDEEP

98304:l0g1dFoAToEjksTvKsYWnRcZ+hsy+Lckh:l0cwQoEjksvKWRcq8cQ

Score

10^/10

quasar ikeya discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3500bbffeb19a0e63ba255abcbc2f7c3a5985aa6f4eda3490dd7a795bc546540.exe

Resource

win7-20240903-en

quasar ikeya discovery spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3500bbffeb19a0e63ba255abcbc2f7c3a5985aa6f4eda3490dd7a795bc546540.exe

Resource

win10v2004-20241007-en

quasar ikeya discovery spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Ikeya

C2

ikeya.ydns.eu:1979

Mutex

4d6bdac9-e1ab-48f1-a31b-211bd19cfad1

Attributes

encryption_key
06D26BCF3E82015C2B11E1D89A21612299A5931B
install_name
windows.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  3500bbffeb19a0e63ba255abcbc2f7c3a5985aa6f4eda3490dd7a795bc546540.exe
- Size
  
  3.6MB
- MD5
  
  344f6de65a483ad7a020969700d09d72
- SHA1
  
  c8ce64edf227beadb3b445f2ded81313b885f1ae
- SHA256
  
  3500bbffeb19a0e63ba255abcbc2f7c3a5985aa6f4eda3490dd7a795bc546540
- SHA512
  
  de6637315b3900cace3bbc096ea459310b265835c00cb769f5bf29a8ec2592e3db1c74656099886fe4a5afcaec33e8a9dacaaa0a88c65d2be9e40478e6f1646c
- SSDEEP
  
  98304:6P4PLLSLRqETI5tSTGkmJhCyUqeuanHOp8:rUClJhCyUqGnHY
Score

10^/10

quasar ikeya discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarikeyadiscoveryspywaretrojan

behavioral2

quasarikeyadiscoveryspywaretrojan

© 2018-2024

Terms | Privacy