quasar | 3df20b1c9806c327d72824f1b9a4ffcbe702d152fbf11fca42a36c862cbafd0a | Triage

Sharing

General

Target

3df20b1c9806c327d72824f1b9a4ffcbe702d152fbf11fca42a36c862cbafd0a.exe
Size

774KB
Sample

241103-c359jasejh
MD5

b8fc2efcc33d3160f38fcb6b39319e6a
SHA1

a61413a5b6c19b4a388e6c89aaa9304c657b3e08
SHA256

3df20b1c9806c327d72824f1b9a4ffcbe702d152fbf11fca42a36c862cbafd0a
SHA512

ba4ef7ec5dd7b9ad8ec49ef73315bded8ecc72212b11e3a1384b6d4f3f264867312cda41268a8d1df6fc8c3caa63813c15aa4ff29f0324360a95d59de3456d3b
SSDEEP

24576:XBx+Lv/QRiHCywDv2JIh7tJIYZFk+XJJ:xeXBm2JIDJNDXJ

Score

10^/10

quasar vtroy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

VTROY

C2

31.13.224.12:61512

31.13.224.13:61513

Mutex

QSR_MUTEX_4Q2rJqiVyC7hohzbjx

Attributes

encryption_key
7Vp2dMCHrMjJthQ2Elyy
install_name
downloads.exe
log_directory
Logs
reconnect_delay
5000
startup_key
cssrse.exe
subdirectory
downloadupdates

Targets

- Target
  
  3df20b1c9806c327d72824f1b9a4ffcbe702d152fbf11fca42a36c862cbafd0a.exe
- Size
  
  774KB
- MD5
  
  b8fc2efcc33d3160f38fcb6b39319e6a
- SHA1
  
  a61413a5b6c19b4a388e6c89aaa9304c657b3e08
- SHA256
  
  3df20b1c9806c327d72824f1b9a4ffcbe702d152fbf11fca42a36c862cbafd0a
- SHA512
  
  ba4ef7ec5dd7b9ad8ec49ef73315bded8ecc72212b11e3a1384b6d4f3f264867312cda41268a8d1df6fc8c3caa63813c15aa4ff29f0324360a95d59de3456d3b
- SSDEEP
  
  24576:XBx+Lv/QRiHCywDv2JIh7tJIYZFk+XJJ:xeXBm2JIDJNDXJ
Score

10^/10

quasar vtroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvtroydiscoveryspywaretrojan

behavioral2

quasarvtroydiscoveryspywaretrojan