quasar | 34724d55cdb275b2ddebae16b7b493468a0a3662f6d4fc3ddb071e9d4fcc520b | Triage

Sharing

General

Target

34724d55cdb275b2ddebae16b7b493468a0a3662f6d4fc3ddb071e9d4fcc520b.exe
Size

3.8MB
Sample

241123-yfwx8syrfq
MD5

e16816239c10837fdaf0d3d5febc4525
SHA1

b662a2201f17dc73c80034bb02a31cfe2d954dcd
SHA256

34724d55cdb275b2ddebae16b7b493468a0a3662f6d4fc3ddb071e9d4fcc520b
SHA512

faccb111fa03181cc9d1dab0f312821facb549465bb3adba8e0772c09b67758f31ff9ac5be786abc5881f3edfc5c9492448fddbf89a82256c3207072f966d9c2
SSDEEP

98304:O723YzTXNjOel1CI7f1qxBefg4+gVXCQCbSZUJ5Kg:O72ozzcel1CI7fNI4trCb7Kg

Score

10^/10

quasar code discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

Mutex

02351e291-5d041-4fa37-932c7-869aeiQec514992

Attributes

encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
install_name
workbook.exe
log_directory
Logs
reconnect_delay
6000
startup_key
workbook
subdirectory
SubDir

Targets

- Target
  
  34724d55cdb275b2ddebae16b7b493468a0a3662f6d4fc3ddb071e9d4fcc520b.exe
- Size
  
  3.8MB
- MD5
  
  e16816239c10837fdaf0d3d5febc4525
- SHA1
  
  b662a2201f17dc73c80034bb02a31cfe2d954dcd
- SHA256
  
  34724d55cdb275b2ddebae16b7b493468a0a3662f6d4fc3ddb071e9d4fcc520b
- SHA512
  
  faccb111fa03181cc9d1dab0f312821facb549465bb3adba8e0772c09b67758f31ff9ac5be786abc5881f3edfc5c9492448fddbf89a82256c3207072f966d9c2
- SSDEEP
  
  98304:O723YzTXNjOel1CI7f1qxBefg4+gVXCQCbSZUJ5Kg:O72ozzcel1CI7fNI4trCb7Kg
Score

10^/10

discovery quasar code spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarcodediscoveryspywaretrojan