quasar | cae8174d33366208ec89a8a16b349f7a78409b7f6421b24c25a1711f222f180b | Triage

Submit
Reports

Overview

overview

Static

static

5

VEGAS_Pro_20.0.0.exe

windows11-21h2-x64

Sharing

General

Target

VEGAS_Pro_20.0.0.exe
Size

677.8MB
Sample

241109-ytw56a1drl
MD5

3548345d694b258ecdacfb30bf01ef32
SHA1

cf958f11cd7b52f0395d9cbfc0c7c43b01d55ba8
SHA256

cae8174d33366208ec89a8a16b349f7a78409b7f6421b24c25a1711f222f180b
SHA512

bb2b5c4ef4cdc76a182506dcd44fe1f0d8b5ef81261a1463e1c835a37f6c10e2d9d6daf3381df53649fe0a66aed80aeeebb242a244a094603f168a946272f597
SSDEEP

12582912:VpwoWBS+gchR75aVsLbNWMXOpWe2ejvclvdm7Btj9En2nfwgCnXT:/c4+gGLaVKV5eVvclInfw7

Score

10^/10

quasar vegas discovery spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

VEGAS_Pro_20.0.0.exe

Resource

win11-20241023-en

quasar vegas discovery spyware trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Vegas

C2

stopman.ooguy.com:1980

craftIP.gize.com:1980

Mutex

hbDAGXDpWKGDNPO4ZT

Attributes

encryption_key
oWXRR9aQDa0d3E44x2b3
install_name
Client.exe
log_directory
mincraft
reconnect_delay
5000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  VEGAS_Pro_20.0.0.exe
- Size
  
  677.8MB
- MD5
  
  3548345d694b258ecdacfb30bf01ef32
- SHA1
  
  cf958f11cd7b52f0395d9cbfc0c7c43b01d55ba8
- SHA256
  
  cae8174d33366208ec89a8a16b349f7a78409b7f6421b24c25a1711f222f180b
- SHA512
  
  bb2b5c4ef4cdc76a182506dcd44fe1f0d8b5ef81261a1463e1c835a37f6c10e2d9d6daf3381df53649fe0a66aed80aeeebb242a244a094603f168a946272f597
- SSDEEP
  
  12582912:VpwoWBS+gchR75aVsLbNWMXOpWe2ejvclvdm7Btj9En2nfwgCnXT:/c4+gGLaVKV5eVvclInfw7
Score

10^/10

quasar vegas discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvegasdiscoveryspywaretrojan

© 2018-2024

Terms | Privacy