quasar | fca48c82c0fd6ce3126b3d0fa2e8ded4e7d207d9a58621033a2f61b2cda19df9 | Triage

Submit
Reports

Overview

overview

Static

static

3

QUOTE - PO...__.exe

windows7-x64

QUOTE - PO...__.exe

windows10-2004-x64

Sharing

General

Target

fca48c82c0fd6ce3126b3d0fa2e8ded4e7d207d9a58621033a2f61b2cda19df9
Size

3.7MB
Sample

241119-fmba1avrhm
MD5

6f4be6f7b33299251e59d8a1f2df8aaa
SHA1

bbb73e10fd769af9a9d8ec8cda759b638e3e29cb
SHA256

fca48c82c0fd6ce3126b3d0fa2e8ded4e7d207d9a58621033a2f61b2cda19df9
SHA512

416a1c4699265dbcbb2f710c24d061b3b3cb022ca9ba8bd1f2d116250c28da90cb60db3f44b4e3283ff8e0f2a69d1d33f6c49b63a2453aec89d466cda0315a9c
SSDEEP

98304:a4ncEWtdd+zhBQ68D1M8bSIkfSGtgfQfj4JfaeuW2zx+vV//J:7jSdd+zk68D1PkfSG7VzxCVZ

Score

10^/10

quasar jekwu discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTE - PO #55037992661010_pdf _______________________________________________________.exe

Resource

win7-20240903-en

quasar jekwu discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTE - PO #55037992661010_pdf _______________________________________________________.exe

Resource

win10v2004-20241007-en

quasar jekwu discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

JEKWU

C2

Zyg.ydns.eu:5829

Opy.ydns.eu:5829

Mutex

9c58b2ba-07eb-415a-b48b-21bbb68d32285e

Attributes

encryption_key
C5B555A83D127A9553D4FB1FCECB35CE8E91A447
install_name
outlooks.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Outlooks
subdirectory
WindowsUpdates

Targets

- Target
  
  QUOTE - PO #55037992661010_pdf _______________________________________________________________________________________________________.exe
- Size
  
  3.7MB
- MD5
  
  2d9086d8db2b68bfe0eda3def565e494
- SHA1
  
  f711ddb1a4bc16e0f0d41ab70970f31d4a07d807
- SHA256
  
  315ca1a6189eeb82b97ca0948c23c47b32c9a67d5a96f3a5e2c7d0f481c3ec03
- SHA512
  
  aa341dbf61a8a21d913fc1721f840a762cbc191ceaef9af3ec5b7bfaf41ca5b4e9f17ec5750cc9c07c1777dfa4eadfb80f6b22b1d4238eca2eeb846bc7ea99f1
- SSDEEP
  
  98304:v97mt1p+v/vg6wRPGAzQIC5ws7Er4dRozxGEgi2Nx+B7RL:5C1p+vg6wRP9C5wsBJNx+7
Score

10^/10

quasar jekwu discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarjekwudiscoveryspywaretrojan

behavioral2

quasarjekwudiscoveryspywaretrojan

© 2018-2024

Terms | Privacy