quasar | 6ce8ed01e0b852a03de916e08d57614ccb92c361726be24e4d299c9582ea14d1 | Triage

Sharing

General

Target

6ce8ed01e0b852a03de916e08d57614ccb92c361726be24e4d299c9582ea14d1
Size

219KB
Sample

241121-l3926a1lhy
MD5

9716f058a12953553902a7daf904764d
SHA1

f04d74205759455380b130b5d9e72d144e4e2f8b
SHA256

6ce8ed01e0b852a03de916e08d57614ccb92c361726be24e4d299c9582ea14d1
SHA512

d66790562c559677462c93b21fe7b20669dbe4399a601b7c076697563472f3fe038c96d5be35e4c339fd215b18c298fa72a43abffd9ad7d47b0a4d2831c6a47d
SSDEEP

3072:S2thbdSIgHblET0Rw1MCHDb2uG9tEqCGtH5nvFv90k8/0sJxCLo+MA52zFHbk8Y8:S249vFVu/BJV+MAAHbM25C

Score

10^/10

quasar discovery spyware trojan

Malware Config

Targets

- Target
  
  6ce8ed01e0b852a03de916e08d57614ccb92c361726be24e4d299c9582ea14d1
- Size
  
  219KB
- MD5
  
  9716f058a12953553902a7daf904764d
- SHA1
  
  f04d74205759455380b130b5d9e72d144e4e2f8b
- SHA256
  
  6ce8ed01e0b852a03de916e08d57614ccb92c361726be24e4d299c9582ea14d1
- SHA512
  
  d66790562c559677462c93b21fe7b20669dbe4399a601b7c076697563472f3fe038c96d5be35e4c339fd215b18c298fa72a43abffd9ad7d47b0a4d2831c6a47d
- SSDEEP
  
  3072:S2thbdSIgHblET0Rw1MCHDb2uG9tEqCGtH5nvFv90k8/0sJxCLo+MA52zFHbk8Y8:S249vFVu/BJV+MAAHbM25C
Score

10^/10

quasar discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardiscoveryspywaretrojan

behavioral2

quasardiscoveryspywaretrojan