quasar | d78baa99cdaa1c5037167f9a0b2f4aa65f694ac32af8c84d71e152542a970850 | Triage

Submit
Reports

Overview

overview

Static

static

3

Zamówieni...df.exe

windows7-x64

Zamówieni...df.exe

windows10-2004-x64

Sharing

General

Target

d78baa99cdaa1c5037167f9a0b2f4aa65f694ac32af8c84d71e152542a970850.rar
Size

3.7MB
Sample

241113-df71aawaml
MD5

46606f39941acbcfe136254053a7685c
SHA1

64db0245d31874f1b1378300708acc3fdd0c4c41
SHA256

d78baa99cdaa1c5037167f9a0b2f4aa65f694ac32af8c84d71e152542a970850
SHA512

5f16f4254b6ae63a040e15f6367201c4e395585273cfb4a4e0337d63a60c383ecfed6fa0470d08447cc75c6f722b42dcfc4824e36d65f38a44c7e2ee73e0f289
SSDEEP

98304:bT8OQIbUfRIoAGEp4Jg5YNzJ3J+bsixXprsq328FC+cSBUR0p249:dAfRP96YVJMHxXpYq3LU4UR0E8

Score

10^/10

quasar code discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Zamówienie 89118 _ Metal-Constructions.pdf.exe

Resource

win7-20241010-en

quasar code discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zamówienie 89118 _ Metal-Constructions.pdf.exe

Resource

win10v2004-20241007-en

quasar code discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

Mutex

02351e291-5d041-4fa37-932c7-869aeiQec514992

Attributes

encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
install_name
workbook.exe
log_directory
Logs
reconnect_delay
6000
startup_key
workbook
subdirectory
SubDir

Targets

- Target
  
  Zamówienie 89118 _ Metal-Constructions.pdf.com
- Size
  
  3.9MB
- MD5
  
  00ffe69dfb698299710ce724102c38d0
- SHA1
  
  f34a894792a087ccc190149a60b5ebd778205254
- SHA256
  
  94ebfdfd713a28f05375cb3db05fa5223f67ef6d0e79d724c1d1fb808476227b
- SHA512
  
  21cc0557ccdc228d358430dc0783c55c3d4cc54ca48241ae212fa97e8d7cfc475fad1247ff7b967b3cdc5187984cd918736687c23cea84cddd2ca70c3ab2f37d
- SSDEEP
  
  98304:Amfx0pcD2HsO4ntgdgxkvS4qdtdFRm5J0j0BTh2zR:Amf2ppHb+koMSRtJpkQt
Score

10^/10

quasar code discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarcodediscoveryspywaretrojan

behavioral2

quasarcodediscoveryspywaretrojan

© 2018-2024

Terms | Privacy