quasar | 0d4777cd136637a6a622af6891450a910bfb908743c1586b987ee75f0d923c9f | Triage

Sharing

General

Target

0d4777cd136637a6a622af6891450a910bfb908743c1586b987ee75f0d923c9f
Size

877KB
Sample

241122-ylzw3sxnby
MD5

af2cca9e175c1e73fdc927423bf34063
SHA1

9fb1313901e0ac98a4c5aa3da0c0223b4bfca1f2
SHA256

0d4777cd136637a6a622af6891450a910bfb908743c1586b987ee75f0d923c9f
SHA512

8d57d681ad9bfb772fdf74b05a5012e0cac168db3265864de1b9898ac0126b8ac969a273060275309ab6e99087acfc7ea48a2c2b8d2bc70989ef546d98ab9b9f
SSDEEP

12288:7FY7UCaIsX+aC+fwRDV4gF03IFdfQeArznBKau8i1ozAq5uZCTN2E/Ep6A4W/89m:7FKraaaNwC3ktQeAwVGB5uaZ/of3

Score

10^/10

quasar aoy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

AOY

C2

87.120.120.27:61540

127.0.0.1:61540

87.121.86.205:61541

Mutex

QSR_MUTEX_NOCv4TURf46HbVbxyc

Attributes

encryption_key
fVsndNhImy9VosyZSQbQ
install_name
updates.exe
log_directory
Logs
reconnect_delay
4000
startup_key
Windows Update
subdirectory
Windows

Targets

- Target
  
  0d4777cd136637a6a622af6891450a910bfb908743c1586b987ee75f0d923c9f
- Size
  
  877KB
- MD5
  
  af2cca9e175c1e73fdc927423bf34063
- SHA1
  
  9fb1313901e0ac98a4c5aa3da0c0223b4bfca1f2
- SHA256
  
  0d4777cd136637a6a622af6891450a910bfb908743c1586b987ee75f0d923c9f
- SHA512
  
  8d57d681ad9bfb772fdf74b05a5012e0cac168db3265864de1b9898ac0126b8ac969a273060275309ab6e99087acfc7ea48a2c2b8d2bc70989ef546d98ab9b9f
- SSDEEP
  
  12288:7FY7UCaIsX+aC+fwRDV4gF03IFdfQeArznBKau8i1ozAq5uZCTN2E/Ep6A4W/89m:7FKraaaNwC3ktQeAwVGB5uaZ/of3
Score

10^/10

quasar aoy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaraoydiscoveryspywaretrojan

behavioral2

quasaraoydiscoveryspywaretrojan