quasar | 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

Sharing

Copy URL

Twitter E-mail

General

Target

Quasar.v1.4.1.zip
Size

3.3MB
Sample

241123-1nlhksvjgn
MD5

13aa4bf4f5ed1ac503c69470b1ede5c1
SHA1

c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
SHA256

4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
SHA512

767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d
SSDEEP

49152:lYLmNgMh/9yUsRFeWMyYISDSwtfxZQNemi57PdHmeFINp/lFnsDbNFNepL6DJo+J:mL9U1yUUQykOQ91XFYBlR8P9d5uNJo9

Score

10^/10

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Targets

- Target
  
  Quasar.v1.4.1.zip
- Size
  
  3.3MB
- MD5
  
  13aa4bf4f5ed1ac503c69470b1ede5c1
- SHA1
  
  c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00
- SHA256
  
  4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62
- SHA512
  
  767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d
- SSDEEP
  
  49152:lYLmNgMh/9yUsRFeWMyYISDSwtfxZQNemi57PdHmeFINp/lFnsDbNFNepL6DJo+J:mL9U1yUUQykOQ91XFYBlR8P9d5uNJo9
Score

10^/10

quasar spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/Be.HexEditor_license.txt
- Size
  
  1KB
- MD5
  
  0a5c19336b04e958b8e528d66a61d048
- SHA1
  
  193042c0933223eaaa488a1cc61f41b1ec754a7c
- SHA256
  
  d691ba20526ed297dbabfd8beec2ef0dd2ee769783152ba5bcb9eb5037435efb
- SHA512
  
  79360909b329492a70c73c8bd2c031042ee73917e7092964cdd2a08cdfda237decdb2afe51214d30673f5d57826d60f61b424d4f573fcf168cce2d1ff9a46c51
Score

1^/10
behavioral3 behavioral4
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/BouncyCastle_license.html
- Size
  
  1KB
- MD5
  
  bf8d5a737e70dd3493a475b8672f14df
- SHA1
  
  01d35be1b65293f7ca43ee1045424599923ab54a
- SHA256
  
  6b73c0a42d138d1f05b527c7b936e79af9f44a55d52e35f912da15c0dea43d30
- SHA512
  
  ecc23ef88b80944ed135233118db167bf5dc161b0392af25ae846010f9993673bbdb62f88bf6de24dc060a48a0cfe96be261d30f5dac2705ed0f01d987fe24b8
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/GlobalMouseKeyHook_license.txt
- Size
  
  1KB
- MD5
  
  33c823163dce377d283d80c9d7d29de4
- SHA1
  
  6dc58ca71650f640cd7f0901ec33a94dcdbf7f44
- SHA256
  
  701a899c1bed0dfc8279ac2ba71696a65dba68df5f8e09fc1d18014b3cbb7d77
- SHA512
  
  5cb523b233213779942290c1aa63e2cad22e85fcfc00e17ab60a074a9ed4989f70e7cc4afc4c6e8fcc98be4febf76b7f6a2232e5b41eb4ab96ef99d259242352
Score

1^/10
behavioral7 behavioral8
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/Mono.Cecil_license.txt
- Size
  
  1KB
- MD5
  
  4cc72ae97c8b623bd69a4de2539f9728
- SHA1
  
  4d44f4eeaa018e77c91041b5d10c33ac9ddcad98
- SHA256
  
  62dad7936fc1214d0187b1dd27bd68ec055af168b7fd1989cc8e36e0e2b9a990
- SHA512
  
  0247a33d7b28dbe3b88cd937f47aa58e10c6323ff484ce8a4676cf79c38851379d972ed5d193c65cf361ee2457578660834cce530c3834c5e868df6013aa2bac
Score

1^/10
behavioral10 behavioral9
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/Open.Nat_license.txt
- Size
  
  1KB
- MD5
  
  e306664d753023ca56dbca39110ae1c4
- SHA1
  
  3199b9260659db4b366264ff8720a06fde47c9f9
- SHA256
  
  d9e507ef9edf463eaf893160f087a1c1a5325147ddd2c9a14c745454eb676ded
- SHA512
  
  cafc86d5ae3c73af236f53e2d6e20dc364f1a6ee032653ac6d6747dc2fa76a6464df5c2abc278dfaab407f9e3f96eaf64e690d7fb9b7f2ddbfccd833dda45229
Score

1^/10
behavioral11 behavioral12
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/ResourceLib_license.txt
- Size
  
  1KB
- MD5
  
  26436010667b931ec76662b43577eaa2
- SHA1
  
  d4dfb647d6664c86e181b2debe63b035ead59c11
- SHA256
  
  2d4f0b0a61082bee4ded1e80664d228168ad379175ab930d7a00ecbce163b2ae
- SHA512
  
  c292594fed13e54e1ce48abe70cf2994dd98555a76ffd54c6266fae81072d9d598768873d6120580b3932e1141aa592415393eb812de825a8daa7857fdd01123
Score

1^/10
behavioral13 behavioral14
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/SilkIcons_license.txt
- Size
  
  75B
- MD5
  
  a2d0860b0ba326ecc54ba0b6f5e9bae6
- SHA1
  
  ceb373c48097f533eb380295703c33986875237b
- SHA256
  
  b9906cfef91131960adb0eecdd8a85dcba384a48de6613b237f2888ed92b3e12
- SHA512
  
  76e4816d787f81c9cebdc2b6f003b194b93dfa6575aefd1989b56282bd816fe1a756e46388843dfb69bed7f9682b65a3a02bdcf9f9267a7b8fb44bdc65be8972
Score

1^/10
behavioral15 behavioral16
- Target
  
  Quasar v1.4.1/3rdPartyLicenses/protobuf-net_license.txt
- Size
  
  831B
- MD5
  
  dfe8687c4f152ee2b14f9be8493fca9c
- SHA1
  
  68015fa105f57af41c3cb7fa6313229dd0ca2bfc
- SHA256
  
  2b492575a689e98da5ced83d486a95c03d99f4a318cd4e8b04fe9c8dd53d8e51
- SHA512
  
  eaf78cb22277343aa177773d6df41fa9f56b2c92172a1eaccd41d73482dceffd6bb1f95092c060d0d1f9b9c079084beb7aee3bc7b0a0f28876db3e8caf7b1476
Score

1^/10
behavioral17 behavioral18
- Target
  
  Quasar v1.4.1/BouncyCastle.Crypto.dll
- Size
  
  3.2MB
- MD5
  
  0cf454b6ed4d9e46bc40306421e4b800
- SHA1
  
  9611aa929d35cbd86b87e40b628f60d5177d2411
- SHA256
  
  e51721dc0647f4838b1abc592bd95fd8cb924716e8a64f83d4b947821fa1fa42
- SHA512
  
  85262f1bc67a89911640f59a759b476b30ca644bd1a1d9cd3213cc8aae16d7cc6ea689815f19b146db1d26f7a75772ceb48e71e27940e3686a83eb2cf7e46048
- SSDEEP
  
  49152:JIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9Y:6BbBWIgWljGxRB/LLY
Score

1^/10
behavioral19 behavioral20
- Target
  
  Quasar v1.4.1/Gma.System.MouseKeyHook.dll
- Size
  
  56KB
- MD5
  
  bfb3bd1cb571360435100bfa6ed2b997
- SHA1
  
  1325e8dd76180a165117e04da4ee4a020e996880
- SHA256
  
  a67a424013544c8270c12633e2e1e287cd5cf0b3f2e81e8d8204b37a03da59ef
- SHA512
  
  ae5a88a9e86b9e64b8c289213f814586dfa5fe5e0cc21bdbc3e48c36d81fa9e763c6e78f24e40df07696228270ad72f408846125e61e33cae867ef8ff88a3c15
- SSDEEP
  
  768:qYnDJGdu2oE3d7ltSl+Y8sCcm8Doi/L0CPw87qquEZ+r3FhuiFJ8G:VncoU48/AzPwYpNZ6rXJ8G
Score

1^/10
behavioral21 behavioral22
- Target
  
  Quasar v1.4.1/LICENSE
- Size
  
  1KB
- MD5
  
  2656bf9fcaf47fa043715bbd3b2f5134
- SHA1
  
  5832164b16008d7396501f857f9f5f8799fd179c
- SHA256
  
  49a25b5003ae74dc02141ba8cd29e1515baf4a2bf8d783019cc2148e07688b9b
- SHA512
  
  4d8ca0fc4a8aca853925df5d93eeed1e7c232e1e3816fe096cf153bc6ff802258b7d7c58cbaab4817c3eb4acc7f888b0c622400783fdd3140c7fd954a40c095d
Score

1^/10
behavioral23 behavioral24
- Target
  
  Quasar v1.4.1/Mono.Cecil.Mdb.dll
- Size
  
  42KB
- MD5
  
  1c6aca0f1b1fa1661fc1e43c79334f7c
- SHA1
  
  ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d
- SHA256
  
  411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b
- SHA512
  
  1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76
- SSDEEP
  
  768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS
Score

1^/10
behavioral25 behavioral26
- Target
  
  Quasar v1.4.1/Mono.Cecil.Pdb.dll
- Size
  
  87KB
- MD5
  
  6d5eb860c2be5dbeb470e7d3f3e7dda4
- SHA1
  
  80c76660b87c52127b1a7da48e27700f75362041
- SHA256
  
  447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4
- SHA512
  
  64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5
- SSDEEP
  
  1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO
Score

1^/10
behavioral27 behavioral28
- Target
  
  Quasar v1.4.1/Mono.Cecil.Rocks.dll
- Size
  
  27KB
- MD5
  
  6e7f0f4fff6c49e3f66127c23b7f1a53
- SHA1
  
  14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a
- SHA256
  
  2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e
- SHA512
  
  0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e
- SSDEEP
  
  384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd
Score

1^/10
behavioral29 behavioral30
- Target
  
  Quasar v1.4.1/Mono.Cecil.dll
- Size
  
  350KB
- MD5
  
  de69bb29d6a9dfb615a90df3580d63b1
- SHA1
  
  74446b4dcc146ce61e5216bf7efac186adf7849b
- SHA256
  
  f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
- SHA512
  
  6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015
- SSDEEP
  
  6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32