quasar | 0cbcab350f25f5764dc967cf6f764eccdd094b1f8ca14d60a731713ace6b1aec | Triage

Submit
Reports

Overview

overview

Static

static

Modificati...75.exe

windows7-x64

Modificati...75.exe

windows10-2004-x64

Sharing

General

Target

Modification11910275.exe
Size

3.1MB
Sample

241121-3v9j4aznc1
MD5

fa9b1524e725c4a251d07007f15fa947
SHA1

5c023619d8180b611acb544fa1cd8bd31de9e61c
SHA256

0cbcab350f25f5764dc967cf6f764eccdd094b1f8ca14d60a731713ace6b1aec
SHA512

dac63f0970092186a909dafeb75cee3e1ad3b393984cf78a1d88e339a39ef235567f74b7a874b237762b8a46e74f8cb319add4bcbc4bdf8f76ec8e1476fb44db
SSDEEP

49152:nvKlL26AaNeWgPhlmVqvMQ7XSKrCW1JeLoGdeSTHHB72eh2NT:nvyL26AaNeWgPhlmVqkQ7XSKrCN

Score

10^/10

quasar bot discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Modification11910275.exe

Resource

win7-20240903-en

quasar bot spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Modification11910275.exe

Resource

win10v2004-20241007-en

quasar bot discovery spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

bot

C2

wooting2000-47095.portmap.host:47095

Mutex

2e05f1ef-743b-4020-b18a-7f4276517e8b

Attributes

encryption_key
E83D6FC31962786DAEA703F111D2381786DF06CA
install_name
Modification1.5.14.12.exe
log_directory
Logs
reconnect_delay
3126
startup_key
explorer.dll
subdirectory
SubDir

Targets

- Target
  
  Modification11910275.exe
- Size
  
  3.1MB
- MD5
  
  fa9b1524e725c4a251d07007f15fa947
- SHA1
  
  5c023619d8180b611acb544fa1cd8bd31de9e61c
- SHA256
  
  0cbcab350f25f5764dc967cf6f764eccdd094b1f8ca14d60a731713ace6b1aec
- SHA512
  
  dac63f0970092186a909dafeb75cee3e1ad3b393984cf78a1d88e339a39ef235567f74b7a874b237762b8a46e74f8cb319add4bcbc4bdf8f76ec8e1476fb44db
- SSDEEP
  
  49152:nvKlL26AaNeWgPhlmVqvMQ7XSKrCW1JeLoGdeSTHHB72eh2NT:nvyL26AaNeWgPhlmVqkQ7XSKrCN
Score

10^/10

quasar bot spyware trojan discovery
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarbotspywaretrojan

behavioral2

quasarbotdiscoveryspywaretrojan

© 2018-2024

Terms | Privacy