quasar | dc6032bb4d1d30872419a285faf9e3cc8829d6b826151b61317e85cb5e0cec83 | Triage

Sharing

General

Target

dc6032bb4d1d30872419a285faf9e3cc8829d6b826151b61317e85cb5e0cec83
Size

1.3MB
Sample

241111-h651tswcjg
MD5

092a56d2ffbc62dad8d8a3864fd046fe
SHA1

e90b1e199a1df28a2b748340b3a90a3e6112c058
SHA256

dc6032bb4d1d30872419a285faf9e3cc8829d6b826151b61317e85cb5e0cec83
SHA512

f6215dfd153385b49bf7b2cdb95bc45a2fb45be4ee295448d1bea946199e660ebcb920746388262e05405dc239478f1d4b156bbb03f66c0fb1702df88fba5470
SSDEEP

24576:6gZml969wUGPr2uGKFzFTSpkPNnJJUwEbkWppzscd1:65769PaFTFNn/Uwyzppz

Score

10^/10

quasar pc01 defense_evasion discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

PC01

C2

Dejvicek-46680.portmap.host:46680

Mutex

5f92fc2b-da3a-4aeb-ba6a-9b3d116a65dd

Attributes

encryption_key
32B21847D3A2E85D5FC0279E929E168D73071B91
install_name
Discord.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Discord
subdirectory
discord

Targets

- Target
  
  dc6032bb4d1d30872419a285faf9e3cc8829d6b826151b61317e85cb5e0cec83
- Size
  
  1.3MB
- MD5
  
  092a56d2ffbc62dad8d8a3864fd046fe
- SHA1
  
  e90b1e199a1df28a2b748340b3a90a3e6112c058
- SHA256
  
  dc6032bb4d1d30872419a285faf9e3cc8829d6b826151b61317e85cb5e0cec83
- SHA512
  
  f6215dfd153385b49bf7b2cdb95bc45a2fb45be4ee295448d1bea946199e660ebcb920746388262e05405dc239478f1d4b156bbb03f66c0fb1702df88fba5470
- SSDEEP
  
  24576:6gZml969wUGPr2uGKFzFTSpkPNnJJUwEbkWppzscd1:65769PaFTFNn/Uwyzppz
Score

10^/10

quasar pc01 defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarpc01defense_evasiondiscoveryspywaretrojan