quasar | bacfd4551eb96cd6a853ee55f7e1839fdffedf1309d00932f603d214bc4798fb | Triage

Resubmissions

21-11-2024 23:40

241121-3n73pazmey 10

21-11-2024 23:28

241121-3gd62axjaj 10

Sharing

General

Target

xTSRv1.1.0.6.exe
Size

344KB
Sample

241121-3n73pazmey
MD5

58862052bc9830249a3481c1f598bfa6
SHA1

a1606388aae362146a32faf45815cb7aa2e0a3ec
SHA256

bacfd4551eb96cd6a853ee55f7e1839fdffedf1309d00932f603d214bc4798fb
SHA512

f5bb7b412ddb826d262b784d9538c2ea30d217e1d23691176c53735021ada2fec13f2559ecfa6096ae4860e004211897dc0c69b9b04a5451d2e3feb6bec80215
SSDEEP

6144:u4HFNUocJ7fDktpXaWgvkoXZL8GaY4900NuiF1D48q3O:/FNUzJ7fOpXa7PXZI4r0tq3

Score

10^/10

quasar discovery spyware trojan

Malware Config

Targets

- Target
  
  xTSRv1.1.0.6.exe
- Size
  
  344KB
- MD5
  
  58862052bc9830249a3481c1f598bfa6
- SHA1
  
  a1606388aae362146a32faf45815cb7aa2e0a3ec
- SHA256
  
  bacfd4551eb96cd6a853ee55f7e1839fdffedf1309d00932f603d214bc4798fb
- SHA512
  
  f5bb7b412ddb826d262b784d9538c2ea30d217e1d23691176c53735021ada2fec13f2559ecfa6096ae4860e004211897dc0c69b9b04a5451d2e3feb6bec80215
- SSDEEP
  
  6144:u4HFNUocJ7fDktpXaWgvkoXZL8GaY4900NuiF1D48q3O:/FNUzJ7fOpXa7PXZI4r0tq3
Score

10^/10

quasar discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardiscoveryspywaretrojan