quasar | 68cbdca0e0174a509f79c50d35c832b20578e0ff63a14e8dd26073b974a8909f | Triage

Submit
Reports

Overview

overview

Static

static

3

90df3fa2c8...a0.exe

windows7-x64

90df3fa2c8...a0.exe

windows10-2004-x64

Sharing

General

Target

67eea4de4c8b5f49ee6feb688c0060c7.bin
Size

3.6MB
Sample

241107-btm6xssdnd
MD5

10461f78434e31c0b10c276e565b6394
SHA1

9519623216906963c47db7e47f18e49b87038544
SHA256

68cbdca0e0174a509f79c50d35c832b20578e0ff63a14e8dd26073b974a8909f
SHA512

a598106657833c1f1c17cac0fde96a1843776a98c55028b1da47b1e3aa210fbfe8f8c80d515130a46e59c963ac70f59b1b774786e11d7e8f4cb605284c4e2134
SSDEEP

49152:nI36MbhixfCRLR9Ge6WqEKPQyGWV6Oe9vrFlFrQeXwXHZ+TrBq5JDwO96WKM75Cf:IB0fu6XEKP3r67jgJeBqD0WjtLtC5

Score

10^/10

quasar dave discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0.exe

Resource

win7-20241023-en

quasar dave discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0.exe

Resource

win10v2004-20241007-en

quasar dave discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

DAVE

C2

hoffmann3.ydns.eu:5829

bich23.ydns.eu:5829

Mutex

309db0e8-63c5-4e08-a2f3-92745d11177da5

Attributes

encryption_key
C5B555A83D127A9553D4FB1FCECB35CE8E91A447
install_name
outlook.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Outlook
subdirectory
WindowsUpdate

Targets

- Target
  
  90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0.exe
- Size
  
  3.7MB
- MD5
  
  67eea4de4c8b5f49ee6feb688c0060c7
- SHA1
  
  fd390e9e0ef5c59ff4750f74a1770da2c3ef993d
- SHA256
  
  90df3fa2c8b6470115f4f8a4ac955bfa35b07ac6d4d796da6f99c89dbb1820a0
- SHA512
  
  df9ff675ea6fae9b26a1e0aa6085d674012d44f057c8669ac469b55c5f3a3565c9c4abec7f8b87ea653751db51e6ee219b17b5d45a5a52c1d33ff4c0df86fc4f
- SSDEEP
  
  98304:bVQ4wA0cWyRF1FBOOvfjukPW5hrDksmz6Nlk:YyZFBNfjzYhrDY6
Score

10^/10

quasar dave discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardavediscoveryspywaretrojan

behavioral2

quasardavediscoveryspywaretrojan

© 2018-2024

Terms | Privacy