quasar | a0a5e205567c676b99f69c9d11723a9e44e073cb61ca1ef5b228b26cea57e856 | Triage

Sharing

General

Target

a0a5e205567c676b99f69c9d11723a9e44e073cb61ca1ef5b228b26cea57e856.exe
Size

1.4MB
Sample

241119-wtnsnszfrp
MD5

142210eb7464fb579c0c6030c15c876f
SHA1

65050f9af307ec87745a32e1cc79dee28e8bc5ea
SHA256

a0a5e205567c676b99f69c9d11723a9e44e073cb61ca1ef5b228b26cea57e856
SHA512

4f82b7d3d6f8e49a0a4ef5a27e54d166cc4b4a9231442e46fee1d5ae85e16d779ef75a3bfeaa82d762976507b49ea91c8e2f9c2e80beb92c55759aa5f3721858
SSDEEP

12288:2fcOokxZ4FK9VlPprK7w5NljuDvdLwLEcXq8dxSaDygxpy3nZOJcllvB4:2P8FMhQiXhxkKcOUvi

Score

10^/10

quasar chim discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Chim

C2

aboushagor.ydns.eu:6542

Mutex

0b30f45d-3c54-4926-a32f-8a1dc077eb21

Attributes

encryption_key
799E5C34BA6EC18D72E269D0C5CF1A5AC1AD9277
install_name
windows update.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Targets

- Target
  
  a0a5e205567c676b99f69c9d11723a9e44e073cb61ca1ef5b228b26cea57e856.exe
- Size
  
  1.4MB
- MD5
  
  142210eb7464fb579c0c6030c15c876f
- SHA1
  
  65050f9af307ec87745a32e1cc79dee28e8bc5ea
- SHA256
  
  a0a5e205567c676b99f69c9d11723a9e44e073cb61ca1ef5b228b26cea57e856
- SHA512
  
  4f82b7d3d6f8e49a0a4ef5a27e54d166cc4b4a9231442e46fee1d5ae85e16d779ef75a3bfeaa82d762976507b49ea91c8e2f9c2e80beb92c55759aa5f3721858
- SSDEEP
  
  12288:2fcOokxZ4FK9VlPprK7w5NljuDvdLwLEcXq8dxSaDygxpy3nZOJcllvB4:2P8FMhQiXhxkKcOUvi
Score

10^/10

discovery quasar chim spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarchimdiscoveryspywaretrojan