quasar | a1ba76a8c187d43080d95acfb939a54d1b1c83546bbb4547990bbfcafd88c307 | Triage

Submit
Reports

Overview

overview

Static

static

3

2e72d847aa...38.exe

windows7-x64

2e72d847aa...38.exe

windows10-2004-x64

Sharing

General

Target

2e72d847aa6ea6680c769628c4ea4938.exe
Size

3.6MB
Sample

241109-g9z4baslhm
MD5

2e72d847aa6ea6680c769628c4ea4938
SHA1

5f4a1cacb1c414787a51444a06c1081a2e6eb469
SHA256

a1ba76a8c187d43080d95acfb939a54d1b1c83546bbb4547990bbfcafd88c307
SHA512

6c9797f4c4fdf0e36cc4efbb564f46617b5e83fc0ea44c4e1932e870183a577fedfd07f0376531841084892e1499cc870524c3f0aa707a61f187a779330629c1
SSDEEP

98304:Kh6wZR7VXWhBwoGQ/9KHjlWsO9ndIdYYWGyF:26iOwfS9KpWNa4

Score

10^/10

quasar jekwu discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e72d847aa6ea6680c769628c4ea4938.exe

Resource

win7-20240903-en

quasar jekwu discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2e72d847aa6ea6680c769628c4ea4938.exe

Resource

win10v2004-20241007-en

quasar jekwu discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

JEKWU

C2

Zyg.ydns.eu:5829

Opy.ydns.eu:5829

Mutex

9c58b2ba-07eb-415a-b48b-21bbb68d32285e

Attributes

encryption_key
C5B555A83D127A9553D4FB1FCECB35CE8E91A447
install_name
outlooks.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Outlooks
subdirectory
WindowsUpdates

Targets

- Target
  
  2e72d847aa6ea6680c769628c4ea4938.exe
- Size
  
  3.6MB
- MD5
  
  2e72d847aa6ea6680c769628c4ea4938
- SHA1
  
  5f4a1cacb1c414787a51444a06c1081a2e6eb469
- SHA256
  
  a1ba76a8c187d43080d95acfb939a54d1b1c83546bbb4547990bbfcafd88c307
- SHA512
  
  6c9797f4c4fdf0e36cc4efbb564f46617b5e83fc0ea44c4e1932e870183a577fedfd07f0376531841084892e1499cc870524c3f0aa707a61f187a779330629c1
- SSDEEP
  
  98304:Kh6wZR7VXWhBwoGQ/9KHjlWsO9ndIdYYWGyF:26iOwfS9KpWNa4
Score

10^/10

quasar jekwu discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarjekwudiscoveryspywaretrojan

behavioral2

quasarjekwudiscoveryspywaretrojan

© 2018-2024

Terms | Privacy