quasar | 57970a3c842bcaf6860a9d271b2725b08fc07a50ca18ff852983d8e80905a0c7 | Triage

Sharing

General

Target

main.bat
Size

15KB
Sample

241122-arr7eszrdy
MD5

837e6e693eab2459822a681dd8829347
SHA1

77417d665e66ae2f962f52b3d7c916f0772f0615
SHA256

57970a3c842bcaf6860a9d271b2725b08fc07a50ca18ff852983d8e80905a0c7
SHA512

54f3d0f4a69d785dd6012f5376d131f3d4cdfa1885577c46468bf1e37aed1d7da86cc11b7efcddf53eede8a4803a16e14c008493404906e3b870ccd441278a48
SSDEEP

384:wK1+KSlKC8kumFq/vM2pHz6YBM3P6QDSJO4ytvJ2/N2cGTuEhckk7VgFHbWvaPn0:wK1+KSlKC8++vM23b+CJXPn

Score

10^/10

quasar bot defense_evasion discovery execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

bot

C2

wooting2000-47095.portmap.host:47095

Mutex

2e05f1ef-743b-4020-b18a-7f4276517e8b

Attributes

encryption_key
E83D6FC31962786DAEA703F111D2381786DF06CA
install_name
Modification1.5.14.12.exe
log_directory
Logs
reconnect_delay
3126
startup_key
explorer.dll
subdirectory
SubDir

Targets

- Target
  
  main.bat
- Size
  
  15KB
- MD5
  
  837e6e693eab2459822a681dd8829347
- SHA1
  
  77417d665e66ae2f962f52b3d7c916f0772f0615
- SHA256
  
  57970a3c842bcaf6860a9d271b2725b08fc07a50ca18ff852983d8e80905a0c7
- SHA512
  
  54f3d0f4a69d785dd6012f5376d131f3d4cdfa1885577c46468bf1e37aed1d7da86cc11b7efcddf53eede8a4803a16e14c008493404906e3b870ccd441278a48
- SSDEEP
  
  384:wK1+KSlKC8kumFq/vM2pHz6YBM3P6QDSJO4ytvJ2/N2cGTuEhckk7VgFHbWvaPn0:wK1+KSlKC8++vM23b+CJXPn
Score

10^/10

quasar bot defense_evasion discovery execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Ignore Process Interrupts

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarbotdefense_evasiondiscoveryexecutionspywaretrojan