quasar | 88aef0191ee6c4a8de8c970cd3bbfd8e9528b35ffb39a5633280dfff48d4f1d9 | Triage

Sharing

General

Target

88aef0191ee6c4a8de8c970cd3bbfd8e9528b35ffb39a5633280dfff48d4f1d9.zip
Size

2.1MB
Sample

241107-c9cksswmaj
MD5

09773ae40748d02c8d3a6d683a0ae3aa
SHA1

ec29119f310badd2f323ef3b90f2d612ca1097d0
SHA256

88aef0191ee6c4a8de8c970cd3bbfd8e9528b35ffb39a5633280dfff48d4f1d9
SHA512

2f8746844d431633c1cec4585748a08aab7db709aee4ab90718f3e9c200f62f993597640d9eef4e69d2597518207876a24b27232bbfcbafc350331411e0d6240
SSDEEP

49152:trLr72/52cx4+iGs1MCBMGCIFiJ17gPImC53bxXVVoHwKW:trz27K+iGeMpJWQZ51PqvW

Score

10^/10

quasar ching-chong discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CHING-CHONG

C2

goooooooool.com:1337

Mutex

771ac64-b9299-43dc-b9229-3a828da05

Attributes

encryption_key
1FBC2542A1A2F356C726019FD7BD6FEA628A4E1A
install_name
shellhost.exe
log_directory
syslogs
reconnect_delay
3333
startup_key
ShellHost
subdirectory
Code

Targets

- Target
  
  hourprojections/hourprojections.exe
- Size
  
  2.2MB
- MD5
  
  cf118a2c4586551e6eae18e41b52842a
- SHA1
  
  4e3518b74b2ae236777986f27d45d8d70358256e
- SHA256
  
  dddf4ec4d813131cd65ab7386154db7ed9d63ce84e4704a5532e7aa22e624c58
- SHA512
  
  121276892dda96e7e67416ead523c6fe3bfb7f32d6a24d3b7a494bfe82be03430010907d8ba8eb0c4eb5248f958ee489788c32d2295f190ee3b6502c3358a8d3
- SSDEEP
  
  49152:a7ptnb2Lrccd46i8IfuCnAaYMXmJR1CfWmO9xbHRFV8HU:o92L+6i8IAZJ6+zDx/m
Score

10^/10

discovery quasar ching-chong spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarching-chongdiscoveryspywaretrojan