quasar | 10a790a9b50e4c6f915746b6794d78015c30d86f929e001cdb473a7d6c12bda3 | Triage

Sharing

General

Target

10a790a9b50e4c6f915746b6794d78015c30d86f929e0.exe
Size

3.1MB
Sample

241123-2pyd7sxjaj
MD5

f8e14830219b5f706d5be0a308d17a91
SHA1

7770bea20a180cc35e33ec74fc78cf6ba4be10a7
SHA256

10a790a9b50e4c6f915746b6794d78015c30d86f929e001cdb473a7d6c12bda3
SHA512

e631910f7e833894b60373cd342ccca33d8237e7f6b049b515b53f612beb827d230b0d865703f9f563a9674cb63697e6ced3623125c7b6bb307d8286391f46e6
SSDEEP

49152:XvBhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaOSX3varsLoGd5THHB72eh2NT:XvJt2d5aKCuVPzlEmVQ0wvwfT3V

Score

10^/10

quasar windows defender spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Windows Defender

C2

UID2024-57338.portmap.io:57338

Mutex

492cae3d-ab2c-4ceb-af93-7e8c4a52fe41

Attributes

encryption_key
B625DA4A24D0BDCC91D89338E0FFF1CC2FADBB51
install_name
Windows Defender.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
SubDir

Targets

- Target
  
  10a790a9b50e4c6f915746b6794d78015c30d86f929e0.exe
- Size
  
  3.1MB
- MD5
  
  f8e14830219b5f706d5be0a308d17a91
- SHA1
  
  7770bea20a180cc35e33ec74fc78cf6ba4be10a7
- SHA256
  
  10a790a9b50e4c6f915746b6794d78015c30d86f929e001cdb473a7d6c12bda3
- SHA512
  
  e631910f7e833894b60373cd342ccca33d8237e7f6b049b515b53f612beb827d230b0d865703f9f563a9674cb63697e6ced3623125c7b6bb307d8286391f46e6
- SSDEEP
  
  49152:XvBhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaOSX3varsLoGd5THHB72eh2NT:XvJt2d5aKCuVPzlEmVQ0wvwfT3V
Score

10^/10

quasar windows defender spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

windows defenderquasar

behavioral1

quasarwindows defenderspywaretrojan

behavioral2

quasarwindows defenderspywaretrojan