quasar | d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1 | Triage

Submit
Reports

Overview

overview

Static

static

3

d36fc52419...b1.exe

windows7-x64

d36fc52419...b1.exe

windows10-2004-x64

Sharing

General

Target

d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1
Size

797KB
Sample

241122-ylb51stlbk
MD5

7ea9f823d613c41364ebb2d1d0a6189a
SHA1

4f419b26a5c1c9bf6ef7bd3c2aeb753490c0bd5b
SHA256

d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1
SHA512

d9d2898c90c8420ea1d0b4b75964b0f40f3d89651be36b37f9e2918f982bd08b3ebffd4455078e69c904959705e675c40d5a57f3c0686cc79ab375ef2ac5f4de
SSDEEP

12288:q6K0egDGMTCm4Nj9XuVIxlJY0RJFHV0ea8d1xxHiU78Ejy2QHPlvrqfmhemL11xI:qJ0eoLTCZNjQmfJpXHjHoDfW4eqhgP

Score

10^/10

quasar htroy discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1.exe

Resource

win7-20240903-en

quasar htroy discovery spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1.exe

Resource

win10v2004-20241007-en

quasar htroy discovery spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

HTROY

C2

87.120.116.115:61510

onadeatcamsides.sytes.net:61511

Mutex

QSR_MUTEX_ZAU4jFZ758CCGtDmef

Attributes

encryption_key
rK1SiSuzs11zCQEpJeMg
install_name
Updates.exe
log_directory
Logs
reconnect_delay
30000
startup_key
NewUpdates
subdirectory
Mindow

Targets

- Target
  
  d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1
- Size
  
  797KB
- MD5
  
  7ea9f823d613c41364ebb2d1d0a6189a
- SHA1
  
  4f419b26a5c1c9bf6ef7bd3c2aeb753490c0bd5b
- SHA256
  
  d36fc52419dca76775f2efd8cd57a60e55f5f412929ce1f5ab8f758fc0366db1
- SHA512
  
  d9d2898c90c8420ea1d0b4b75964b0f40f3d89651be36b37f9e2918f982bd08b3ebffd4455078e69c904959705e675c40d5a57f3c0686cc79ab375ef2ac5f4de
- SSDEEP
  
  12288:q6K0egDGMTCm4Nj9XuVIxlJY0RJFHV0ea8d1xxHiU78Ejy2QHPlvrqfmhemL11xI:qJ0eoLTCZNjQmfJpXHjHoDfW4eqhgP
Score

10^/10

quasar htroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarhtroydiscoveryspywaretrojan

behavioral2

quasarhtroydiscoveryspywaretrojan

© 2018-2024

Terms | Privacy