quasar | 83e48dca5574b8875b8efd202de1841263c97e38ccf8866649e0cf9b3d894378 | Triage

Sharing

General

Target

83e48dca5574b8875b8efd202de1841263c97e38ccf8866649e0cf9b3d894378N
Size

349KB
Sample

241110-1djw1avhmm
MD5

715f939575713752a183aa75ff78e2b0
SHA1

11ce91d273eb5af1a87ed43af27cb12a971ecdcd
SHA256

83e48dca5574b8875b8efd202de1841263c97e38ccf8866649e0cf9b3d894378
SHA512

b844ffd4d0a220033886ce2096c8c61c44e86441cf811336d1be08c5160315da4cb7a46bebf5188e51e12b386e4f4f184905a18b08e96499eabdb8814f006011
SSDEEP

6144:JK2J10qdSlEc39HGICa7TE3nKoICeeS2bwqHO4baeLV9w0Z:JKFL03nKoICeeSuOSLg0Z

Score

10^/10

quasar cotizaciones23 discovery persistence spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Cotizaciones23

C2

192.168.1.198:4782

Mutex

QSR_MUTEX_GWVYbrP9HvYlifSt0V

Attributes

encryption_key
qJrrGgGodx4vKyBDIosm
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
client
subdirectory
cles

Targets

- Target
  
  83e48dca5574b8875b8efd202de1841263c97e38ccf8866649e0cf9b3d894378N
- Size
  
  349KB
- MD5
  
  715f939575713752a183aa75ff78e2b0
- SHA1
  
  11ce91d273eb5af1a87ed43af27cb12a971ecdcd
- SHA256
  
  83e48dca5574b8875b8efd202de1841263c97e38ccf8866649e0cf9b3d894378
- SHA512
  
  b844ffd4d0a220033886ce2096c8c61c44e86441cf811336d1be08c5160315da4cb7a46bebf5188e51e12b386e4f4f184905a18b08e96499eabdb8814f006011
- SSDEEP
  
  6144:JK2J10qdSlEc39HGICa7TE3nKoICeeS2bwqHO4baeLV9w0Z:JKFL03nKoICeeSuOSLg0Z
Score

10^/10

quasar cotizaciones23 discovery persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

cotizaciones23quasar

behavioral1

quasarcotizaciones23discoverypersistencespywaretrojan

behavioral2

quasarcotizaciones23discoveryspywaretrojan