quasar | ee77b42fb254cef1f950668b0be51d87239d5134f0f92819fd8da1093fc8ced5

General

Target

ee77b42fb254cef1f950668b0be51d87239d5134f0f92819fd8da1093fc8ced5.exe
Size

1.2MB
Sample

241104-dka64ssbnc
MD5

4dd83334fef3b9d7e5067482cec38477
SHA1

ccc0dbee8923d7232471c654451bffa36adffbad
SHA256

ee77b42fb254cef1f950668b0be51d87239d5134f0f92819fd8da1093fc8ced5
SHA512

84c15c60e87346208c7964db16a80f36f4f6981c5ebedcef072aaa0090c087c0d879841eeabf516a9432be48d6ddb35ee0f9739baa4085d0a60cc118fd6e6aec
SSDEEP

24576:Currek0x+kDlM+BCUlNGfnUvlZTF6DU+acRIwc8CNdlltK:CurSk0xx+opMGlZTT+XxEtK

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

newzzz

C2

193.124.205.71:5228

Mutex

a4f616c8-d1cd-4f76-ba66-226e115aa50e

Attributes

encryption_key
133BC02FFBBFFB2A15EC33D664C8D9C62CB17983
install_name
Client.exe
log_directory
Cast
reconnect_delay
3000
startup_key
SubDir
subdirectory
SubDir

Targets

- Target
  
  ee77b42fb254cef1f950668b0be51d87239d5134f0f92819fd8da1093fc8ced5.exe
- Size
  
  1.2MB
- MD5
  
  4dd83334fef3b9d7e5067482cec38477
- SHA1
  
  ccc0dbee8923d7232471c654451bffa36adffbad
- SHA256
  
  ee77b42fb254cef1f950668b0be51d87239d5134f0f92819fd8da1093fc8ced5
- SHA512
  
  84c15c60e87346208c7964db16a80f36f4f6981c5ebedcef072aaa0090c087c0d879841eeabf516a9432be48d6ddb35ee0f9739baa4085d0a60cc118fd6e6aec
- SSDEEP
  
  24576:Currek0x+kDlM+BCUlNGfnUvlZTF6DU+acRIwc8CNdlltK:CurSk0xx+opMGlZTT+XxEtK
Score

10^/10

quasar newzzz execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

Command and Scripting Interpreter: PowerShell

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2