quasar | b8955e1e7cb3acd7b1bcd6328c5e11969c5dbacd2162cd34f3afb73d7ba4b80f | Triage

Sharing

General

Target

b8955e1e7cb3acd7b1bcd6328c5e11969c5dbacd2162cd34f3afb73d7ba4b80f.exe
Size

1.4MB
Sample

241119-w3l1fazhll
MD5

e95f7184a33d6edeecd365f7ad93d11e
SHA1

b9154f8ad3d068549617c7cd32bfade8ce2c5f09
SHA256

b8955e1e7cb3acd7b1bcd6328c5e11969c5dbacd2162cd34f3afb73d7ba4b80f
SHA512

7d85203949dc197766391e96c7638e2ee630043ac443ffc7ae271acfc70f29b5d748ac40eec8062705de23ab1545ad3abb642e3b890f87632b9ac36b84d24fa8
SSDEEP

12288:b/bzOGnF/lx54LOaJleaqIs/eBj52DYWQNwF/zsjVODN/By:bmGLZmx5gYWRaYJ/w

Score

10^/10

quasar man discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

man

C2

new-visit.com:3791

Mutex

3302836a-f2f9-4646-981e-42b54ed610dd

Attributes

encryption_key
C058A6A166AF85C9027394334AA2BDC41A9B7D9C
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  b8955e1e7cb3acd7b1bcd6328c5e11969c5dbacd2162cd34f3afb73d7ba4b80f.exe
- Size
  
  1.4MB
- MD5
  
  e95f7184a33d6edeecd365f7ad93d11e
- SHA1
  
  b9154f8ad3d068549617c7cd32bfade8ce2c5f09
- SHA256
  
  b8955e1e7cb3acd7b1bcd6328c5e11969c5dbacd2162cd34f3afb73d7ba4b80f
- SHA512
  
  7d85203949dc197766391e96c7638e2ee630043ac443ffc7ae271acfc70f29b5d748ac40eec8062705de23ab1545ad3abb642e3b890f87632b9ac36b84d24fa8
- SSDEEP
  
  12288:b/bzOGnF/lx54LOaJleaqIs/eBj52DYWQNwF/zsjVODN/By:bmGLZmx5gYWRaYJ/w
Score

10^/10

discovery quasar man spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarmandiscoveryspywaretrojan