quasar | 90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

Bestellung...om.exe

windows7-x64

Bestellung...om.exe

windows10-2004-x64

Sharing

General

Target

Bestellung - 20240001833.com.exe
Size

3.7MB
Sample

241105-vf811stqg1
MD5

67eea4de4c8b5f49ee6feb688c0060c7
SHA1

fd390e9e0ef5c59ff4750f74a1770da2c3ef993d
SHA256

90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0
SHA512

df9ff675ea6fae9b26a1e0aa6085d674012d44f057c8669ac469b55c5f3a3565c9c4abec7f8b87ea653751db51e6ee219b17b5d45a5a52c1d33ff4c0df86fc4f
SSDEEP

98304:bVQ4wA0cWyRF1FBOOvfjukPW5hrDksmz6Nlk:YyZFBNfjzYhrDY6

Score

10^/10

quasar dave discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bestellung - 20240001833.com.exe

Resource

win7-20240729-en

quasar dave discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bestellung - 20240001833.com.exe

Resource

win10v2004-20241007-en

quasar dave discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

DAVE

C2

hoffmann3.ydns.eu:5829

bich23.ydns.eu:5829

Mutex

309db0e8-63c5-4e08-a2f3-92745d11177da5

Attributes

encryption_key
C5B555A83D127A9553D4FB1FCECB35CE8E91A447
install_name
outlook.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Outlook
subdirectory
WindowsUpdate

Targets

- Target
  
  Bestellung - 20240001833.com.exe
- Size
  
  3.7MB
- MD5
  
  67eea4de4c8b5f49ee6feb688c0060c7
- SHA1
  
  fd390e9e0ef5c59ff4750f74a1770da2c3ef993d
- SHA256
  
  90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0
- SHA512
  
  df9ff675ea6fae9b26a1e0aa6085d674012d44f057c8669ac469b55c5f3a3565c9c4abec7f8b87ea653751db51e6ee219b17b5d45a5a52c1d33ff4c0df86fc4f
- SSDEEP
  
  98304:bVQ4wA0cWyRF1FBOOvfjukPW5hrDksmz6Nlk:YyZFBNfjzYhrDY6
Score

10^/10

quasar dave discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardavediscoveryspywaretrojan

behavioral2

quasardavediscoveryspywaretrojan

© 2018-2025

Terms | Privacy