quasar | bbea0c056d01b506a9a6d37b6aca9147466e65a962f4b140887334e6f4a23b6c | Triage

Submit
Reports

Overview

overview

Static

static

3

Auftragsbe...om.exe

windows7-x64

Auftragsbe...om.exe

windows10-2004-x64

Sharing

General

Target

Auftragsbestätigung 20241107_pdf.com.exe
Size

3.7MB
Sample

241107-jw4wfs1mgk
MD5

5d350ff6f79df58f29f77fc7b74d892e
SHA1

4cdb861ef0884b613071d7351b3564402722811f
SHA256

bbea0c056d01b506a9a6d37b6aca9147466e65a962f4b140887334e6f4a23b6c
SHA512

758ff980aaf24e66cc45d410c967d3f37aad9a46db9d79b815f222fd8999786637a5df7d7cb74f194b79a0216b35a3a77e8c2c2c8443194b27eef132b07664ff
SSDEEP

98304:YfpDVLWR3t89g0luja0VOsfBR42dNVePoEJimT7fci+DMQzlxkPYm:qpDVaRiabbPBJdDePoEQmPfciIMF

Score

10^/10

quasar dave discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Auftragsbestätigung 20241107_pdf.com.exe

Resource

win7-20240903-en

quasar dave discovery spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Auftragsbestätigung 20241107_pdf.com.exe

Resource

win10v2004-20241007-en

quasar dave discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

DAVE

C2

hoffmann3.ydns.eu:5829

bich23.ydns.eu:5829

Mutex

309db0e8-63c5-4e08-a2f3-92745d11177da5

Attributes

encryption_key
C5B555A83D127A9553D4FB1FCECB35CE8E91A447
install_name
outlook.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Outlook
subdirectory
WindowsUpdate

Targets

- Target
  
  Auftragsbestätigung 20241107_pdf.com.exe
- Size
  
  3.7MB
- MD5
  
  5d350ff6f79df58f29f77fc7b74d892e
- SHA1
  
  4cdb861ef0884b613071d7351b3564402722811f
- SHA256
  
  bbea0c056d01b506a9a6d37b6aca9147466e65a962f4b140887334e6f4a23b6c
- SHA512
  
  758ff980aaf24e66cc45d410c967d3f37aad9a46db9d79b815f222fd8999786637a5df7d7cb74f194b79a0216b35a3a77e8c2c2c8443194b27eef132b07664ff
- SSDEEP
  
  98304:YfpDVLWR3t89g0luja0VOsfBR42dNVePoEJimT7fci+DMQzlxkPYm:qpDVaRiabbPBJdDePoEQmPfciIMF
Score

10^/10

quasar dave discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardavediscoveryspywaretrojan

behavioral2

quasardavediscoveryspywaretrojan

© 2018-2024

Terms | Privacy