quasar | 3c0a306740f04bc2f2edcb8e1f9324fcff0ade4b605b01de325db65ad67f48e9 | Triage

Sharing

General

Target

8fb841a089ce2c1c760ef67e5bde9a08.bin
Size

729KB
Sample

241103-byckzs1emm
MD5

bf106dbad8a627ce88ad132bb25bc6ab
SHA1

54a939b24d66454223a63b0f48bcb955d6ce20b2
SHA256

3c0a306740f04bc2f2edcb8e1f9324fcff0ade4b605b01de325db65ad67f48e9
SHA512

59ea45bcea9cd21420694a72159dcd20e2fc21d3576d125f093b9f23fe91c0961a8f7235b5e11332a8d01be07ba25996fc4f6f42d03e772d1278a28af047b979
SSDEEP

12288:LjNGu+CvZny7mxiHaZpgXrje0JrI686z6NouSrb7IHPRxERLqR3Evz65ZKOAsr4H:LxGevZnxsrjeUrI686gkr/IvR+RKU0Zc

Score

10^/10

quasar vtroy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

VTROY

C2

31.13.224.12:61512

31.13.224.13:61513

Mutex

QSR_MUTEX_4Q2rJqiVyC7hohzbjx

Attributes

encryption_key
7Vp2dMCHrMjJthQ2Elyy
install_name
downloads.exe
log_directory
Logs
reconnect_delay
5000
startup_key
cssrse.exe
subdirectory
downloadupdates

Targets

- Target
  
  a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35.exe
- Size
  
  773KB
- MD5
  
  8fb841a089ce2c1c760ef67e5bde9a08
- SHA1
  
  9ba26c8f25a276a87175ae9eac909a8f4d97fd71
- SHA256
  
  a0fb85dec00548f95f3db18f567bcb75a9a083eebb637be6c88c2d2bf05e2a35
- SHA512
  
  a16739df2c02ea5e2116e1f2283a0f57d0a57e52431fa746c3334df20fbb4e96db6d1c4c5ed47cb92cb491afcd170794a0b31bde1180cff13caaaa9be59aa8e4
- SSDEEP
  
  24576:yoYAPo8TjClMteQB+JRVK7Ys4r7eTBp7cE7qzuS:yJFQjI9m+c7FpBZ7Iu
Score

10^/10

quasar vtroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvtroydiscoveryspywaretrojan

behavioral2

quasarvtroydiscoveryspywaretrojan