quasar | b09675c211176f525637f74fbbbdf648eabc85203bf335fc3cc0b62b49493bf4 | Triage

Submit
Reports

Overview

overview

Static

static

c6687f7bff...c7.exe

windows7-x64

c6687f7bff...c7.exe

windows10-2004-x64

Sharing

General

Target

20032789670.zip
Size

192KB
Sample

241121-jvdmwazncx
MD5

ca2fa5d9cd0e754f2f3eaba0e8a14ad7
SHA1

ef8cdb35db706f2cf27c23928b87a4bb9881bd44
SHA256

b09675c211176f525637f74fbbbdf648eabc85203bf335fc3cc0b62b49493bf4
SHA512

7083993947b887b001c7b54f22e9200e52db1b2c8d52d967a148bd6b930723934a679d749a11746488501956e49d50a321ded73b923e438f7ca4142273057ed4
SSDEEP

6144:1B6E+ENiGS8/eaw1vnOd92FYhMeXZLJhKpaIG2Aw:1RtiZEeaEOT2SX9J8pw2J

Score

10^/10

quasar minigame discovery spyware trojan

Static task

static1

minigame quasar

3 signatures

Behavioral task

behavioral1

Sample

c6687f7bff8c2637685c5510e159abe6014d8b52cff618f40c265e5dcbcce1c7.exe

Resource

win7-20240903-en

quasar minigame discovery spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6687f7bff8c2637685c5510e159abe6014d8b52cff618f40c265e5dcbcce1c7.exe

Resource

win10v2004-20241007-en

quasar minigame discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

minigame

C2

103.47.224.39:4782

Mutex

QSR_MUTEX_LQvzas16MNIL3IavoG

Attributes

encryption_key
aBtW2exC5zUctYcKM4IY
install_name
winrar-x64-701.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  c6687f7bff8c2637685c5510e159abe6014d8b52cff618f40c265e5dcbcce1c7
- Size
  
  363KB
- MD5
  
  94be4081af6754ba534f62d8968ffc71
- SHA1
  
  7f6504db5850ba020e23e69f5e6357e65ab0ef75
- SHA256
  
  c6687f7bff8c2637685c5510e159abe6014d8b52cff618f40c265e5dcbcce1c7
- SHA512
  
  0588987187e34b1b3b63cf8e8c0ef258fa2dc781fe2d43108ba8af9a8b85fba1dcde57824c6fdb867f64f64f1007b184d0f9ab990f7c92c6ea0b3e27339d19f9
- SSDEEP
  
  6144:mcqQ4i1FFiEKDtupn0Ah9EbGCIl8De5erLfyH1F0YaaSk:HplihMnp9nuCkqHEYaab
Score

10^/10

quasar minigame discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarminigamediscoveryspywaretrojan

behavioral2

quasarminigamediscoveryspywaretrojan

© 2018-2024

Terms | Privacy