quasar | 7c9b4c774fbf907cf1858ea31454992e16d6b6521f880fcd8a12433ce25b6b35 | Triage

Sharing

General

Target

Order88983273293729387293828PDF.exe
Size

1.4MB
Sample

241118-stps7ayqdy
MD5

9c23449ea828b1d7d4473aa70f86caa8
SHA1

474136c0e6d3d7c00a2e4f1b1e41f831fbb6dcba
SHA256

7c9b4c774fbf907cf1858ea31454992e16d6b6521f880fcd8a12433ce25b6b35
SHA512

843a03c44436410ae67a56ca00e4f3c19461979f4211b848eadf0ca02641ec3ee13a38f38e03bc316e028aceaa7571e41d1163e7d0933fe0e12d28ea1fae0925
SSDEEP

12288:Er0K/EsBQT93xj6mZw7Y/zLZefq5U6t1uxSxwOz7MIAvKcz9eoJEtww2LOB:ES3V1w8kzSGOzwFV93O

Score

10^/10

quasar man discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

man

C2

nwamama.ydns.eu:3791

Mutex

3302836a-f2f9-4646-981e-42b54ed610dd

Attributes

encryption_key
C058A6A166AF85C9027394334AA2BDC41A9B7D9C
install_name
windows update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Svchost
subdirectory
SubDir

Targets

- Target
  
  Order88983273293729387293828PDF.exe
- Size
  
  1.4MB
- MD5
  
  9c23449ea828b1d7d4473aa70f86caa8
- SHA1
  
  474136c0e6d3d7c00a2e4f1b1e41f831fbb6dcba
- SHA256
  
  7c9b4c774fbf907cf1858ea31454992e16d6b6521f880fcd8a12433ce25b6b35
- SHA512
  
  843a03c44436410ae67a56ca00e4f3c19461979f4211b848eadf0ca02641ec3ee13a38f38e03bc316e028aceaa7571e41d1163e7d0933fe0e12d28ea1fae0925
- SSDEEP
  
  12288:Er0K/EsBQT93xj6mZw7Y/zLZefq5U6t1uxSxwOz7MIAvKcz9eoJEtww2LOB:ES3V1w8kzSGOzwFV93O
Score

10^/10

discovery quasar man spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarmandiscoveryspywaretrojan