quasar | 54cef68b48ded4fa94e54f164a4dd838894a200c2887c885d29474c998c5e2c8 | Triage

Sharing

General

Target

54cef68b48ded4fa94e54f164a4dd838894a200c2887c885d29474c998c5e2c8
Size

542KB
Sample

241122-nan1bszjfy
MD5

1fed599b6716c7395cfe19002774dac5
SHA1

2dd268f89e179bdf68477660a51c77fe6e95e7eb
SHA256

54cef68b48ded4fa94e54f164a4dd838894a200c2887c885d29474c998c5e2c8
SHA512

ad4bd2c8b04cff498de9517481b5ffbc3c48d0842f2532ef8e6143773bceb49fbd70069b54c30a59affa8590f800ba8a2323284278ffda1e13db7629ba85dd5b
SSDEEP

12288:RHVfvJEwcONs7+c/PfiIw0hleWqnFlw6lF9TZFb9/w8YrA9r6Abyv:/JUONOXns0hUFw6dfb9grMr4

Score

10^/10

quasar discovery spyware trojan

Malware Config

Targets

- Target
  
  54cef68b48ded4fa94e54f164a4dd838894a200c2887c885d29474c998c5e2c8
- Size
  
  542KB
- MD5
  
  1fed599b6716c7395cfe19002774dac5
- SHA1
  
  2dd268f89e179bdf68477660a51c77fe6e95e7eb
- SHA256
  
  54cef68b48ded4fa94e54f164a4dd838894a200c2887c885d29474c998c5e2c8
- SHA512
  
  ad4bd2c8b04cff498de9517481b5ffbc3c48d0842f2532ef8e6143773bceb49fbd70069b54c30a59affa8590f800ba8a2323284278ffda1e13db7629ba85dd5b
- SSDEEP
  
  12288:RHVfvJEwcONs7+c/PfiIw0hleWqnFlw6lF9TZFb9/w8YrA9r6Abyv:/JUONOXns0hUFw6dfb9grMr4
Score

10^/10

quasar discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardiscoveryspywaretrojan

behavioral2

quasardiscoveryspywaretrojan