quasar | 6008de3f1a1d175cc66844a23a4b07c7bf009c29dc6e81a96d7d0ed4658e4e64 | Triage

Submit
Reports

Overview

overview

Static

static

3

Zamówieni...df.exe

windows7-x64

Zamówieni...df.exe

windows10-2004-x64

Sharing

General

Target

Zamówienie_89118___Metal-Constructions.pdf.lzh.rar
Size

3.5MB
Sample

241112-kpvvmsxqfv
MD5

5e5549ae4dd07a2d0532fe121ccab0fa
SHA1

9d0a459baee083badf37ba48cc9e9048b24724ee
SHA256

6008de3f1a1d175cc66844a23a4b07c7bf009c29dc6e81a96d7d0ed4658e4e64
SHA512

49e3c200508810b02114e39f8e0e30a785fb042a85e9ecddc9707c01bfd8cc024e4a9079852354e2da10311d21d89d24031f1fc92c41ded6f934270ec045d548
SSDEEP

98304:/E/c0bc42JOBo3PnSzb7O59BAlo+R4wMkJH:8hcaofnSzbC5kl/R5MoH

Score

10^/10

quasar code discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Zamówienie 89118 _ Metal-Constructions.pdf.exe

Resource

win7-20241010-en

quasar code discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zamówienie 89118 _ Metal-Constructions.pdf.exe

Resource

win10v2004-20241007-en

quasar code discovery spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

Mutex

02351e291-5d041-4fa37-932c7-869aeiQec514992

Attributes

encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
install_name
workbook.exe
log_directory
Logs
reconnect_delay
6000
startup_key
workbook
subdirectory
SubDir

Targets

- Target
  
  Zamówienie 89118 _ Metal-Constructions.pdf.com
- Size
  
  3.5MB
- MD5
  
  1834eaa9099724ef4fe227478fed783a
- SHA1
  
  61176db35c4cda5a118bd4f3505d5bda26ebced0
- SHA256
  
  fd12d28d6b8030ec8e3d28c13ce562dc0f42b085806401b02a1155a6f44eb19c
- SHA512
  
  04191f86b0f2d9c1eecf71b4ff26ad20dacda5e4840b073a4c2a40b0927e8d3ec58ed6c12b4934eeaaef0e8311fe9877886ae1d4ec0970377ac6f9c00e2eced1
- SSDEEP
  
  98304:DApiYNYRIkC6rLk+hXKUXPHCU+6VbgAs25XXQn5lE1kU7:DAtYPjxJHCogAs25XAn5lEt
Score

10^/10

quasar code discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarcodediscoveryspywaretrojan

behavioral2

quasarcodediscoveryspywaretrojan

© 2018-2024

Terms | Privacy