quasar | 5d0cbef4443db02296dfb37c7a9bce838b4beae8f726e6d3f3a60e6dd4691a74 | Triage

Sharing

General

Target

5d0cbef4443db02296dfb37c7a9bce838b4beae8f726e6d3f3a60e6dd4691a74
Size

774KB
Sample

241103-rz1l7syrbn
MD5

e30f4b28319c4d5d490a36c80698c7c5
SHA1

89199dbf12c0ca07992cedcd50ab366c04568fc5
SHA256

5d0cbef4443db02296dfb37c7a9bce838b4beae8f726e6d3f3a60e6dd4691a74
SHA512

3f2440155e22eb8c6ef359fe17755ffa270da6a6cec99ff31d23766390212895dc27e9aa55ee0b6b5720a96088dbd7be372a3ebf34fff4b756410c70fd52d353
SSDEEP

12288:rKnhyuMP6/bbH+NzvZ9KSDdBrxqzdxD0XGfnyr7Ha2/Mg45omnFjkCC1htlJI8XO:8YP6XeRKShcDD0X6nqHa2A5DF8tnI8+

Score

10^/10

quasar vtroy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

VTROY

C2

31.13.224.12:61512

31.13.224.13:61513

Mutex

QSR_MUTEX_4Q2rJqiVyC7hohzbjx

Attributes

encryption_key
7Vp2dMCHrMjJthQ2Elyy
install_name
downloads.exe
log_directory
Logs
reconnect_delay
5000
startup_key
cssrse.exe
subdirectory
downloadupdates

Targets

- Target
  
  5d0cbef4443db02296dfb37c7a9bce838b4beae8f726e6d3f3a60e6dd4691a74
- Size
  
  774KB
- MD5
  
  e30f4b28319c4d5d490a36c80698c7c5
- SHA1
  
  89199dbf12c0ca07992cedcd50ab366c04568fc5
- SHA256
  
  5d0cbef4443db02296dfb37c7a9bce838b4beae8f726e6d3f3a60e6dd4691a74
- SHA512
  
  3f2440155e22eb8c6ef359fe17755ffa270da6a6cec99ff31d23766390212895dc27e9aa55ee0b6b5720a96088dbd7be372a3ebf34fff4b756410c70fd52d353
- SSDEEP
  
  12288:rKnhyuMP6/bbH+NzvZ9KSDdBrxqzdxD0XGfnyr7Ha2/Mg45omnFjkCC1htlJI8XO:8YP6XeRKShcDD0X6nqHa2A5DF8tnI8+
Score

10^/10

quasar vtroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvtroydiscoveryspywaretrojan

behavioral2

quasarvtroydiscoveryspywaretrojan