quasar | 250ed85363ae1d6dd070a462f1ac25a8a74c5e1380359d85eb082b0eaf4bb8b1 | Triage

Submit
Reports

Overview

overview

Static

static

rab.exe

windows7-x64

rab.exe

windows10-2004-x64

Sharing

General

Target

rab.exe
Size

3.1MB
Sample

241113-x68jaaxhqe
MD5

20290ac43ac1bed38b4ba6a9c8a0563c
SHA1

8ba324cb8ef2fd31ff6e5d7395ed33178141a28e
SHA256

250ed85363ae1d6dd070a462f1ac25a8a74c5e1380359d85eb082b0eaf4bb8b1
SHA512

ef2f449cbbbb9e5cf9ae3af3406c80af4422cb0b65d690d28807da02e8ad7416831f80ce63365ce12ee730c31c4ce18d787673838cf3c3c3d102de11aa53111e
SSDEEP

49152:qvflL26AaNeWgPhlmVqvMQ7XSKYnQaEfeIk/l4DoGdpTHHB72eh2NT:qvtL26AaNeWgPhlmVqkQ7XSKYnQIw

Score

10^/10

quasar megahack_v1488 spyware trojan

Static task

static1

megahack_v1488 quasar

3 signatures

Behavioral task

behavioral1

Sample

rab.exe

Resource

win7-20240708-en

quasar megahack_v1488 spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

rab.exe

Resource

win10v2004-20241007-en

quasar megahack_v1488 spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

MegaHack_v1488

C2

rab1.premium-televizor.net:18651

Mutex

af92703d-a16f-40c6-8fff-b3793fd59f85

Attributes

encryption_key
0F1B05653C3B3AB3BB4ECD772DD024668CBE8DF1
install_name
system32.exe
log_directory
Keyboard
reconnect_delay
3000
startup_key
Trusted Installer
subdirectory
SubDir

Targets

- Target
  
  rab.exe
- Size
  
  3.1MB
- MD5
  
  20290ac43ac1bed38b4ba6a9c8a0563c
- SHA1
  
  8ba324cb8ef2fd31ff6e5d7395ed33178141a28e
- SHA256
  
  250ed85363ae1d6dd070a462f1ac25a8a74c5e1380359d85eb082b0eaf4bb8b1
- SHA512
  
  ef2f449cbbbb9e5cf9ae3af3406c80af4422cb0b65d690d28807da02e8ad7416831f80ce63365ce12ee730c31c4ce18d787673838cf3c3c3d102de11aa53111e
- SSDEEP
  
  49152:qvflL26AaNeWgPhlmVqvMQ7XSKYnQaEfeIk/l4DoGdpTHHB72eh2NT:qvtL26AaNeWgPhlmVqkQ7XSKYnQIw
Score

10^/10

quasar megahack_v1488 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

megahack_v1488quasar

behavioral1

quasarmegahack_v1488spywaretrojan

behavioral2

quasarmegahack_v1488spywaretrojan

© 2018-2024

Terms | Privacy