quasar | 79a52cb25a58cf08e11b46bc743cea2df4d5097bf1c80d5ec58c1abd2015b5a8

Sharing

Copy URL

Twitter E-mail

General

Target

Quasar Golden Edition 1.4.1.0.zip
Size

10.6MB
Sample

241124-be148sskfn
MD5

ab66bf6e04973621114e882834c91178
SHA1

b7a745de1aaa1b09d6aba7cb70d8ced0e61f2177
SHA256

79a52cb25a58cf08e11b46bc743cea2df4d5097bf1c80d5ec58c1abd2015b5a8
SHA512

94778e81709c9433defebcc1757433af37cf9a7e47f0c502b278e96d2e1d693b896983f58fa9b65186c252f4aafaee3ea55c8ac27030645c97e36a86536bbbfb
SSDEEP

196608:U5n78s8cBvZ4ISqnlxnt4y13PJnLAF3jBnzwbRLCGDllyi0jLunn2:U1x8c8Itnl1TxA3VnzwtLzl70/N

Score

10^/10

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Targets

- Target
  
  Quasar Golden Edition 1.4.1.0/Include/NCC2.dll
- Size
  
  13KB
- MD5
  
  12e7983a050a5f7f7b501d3cda914248
- SHA1
  
  6ce5d9b763fc05dcdfcaea79a62a8352371d749c
- SHA256
  
  a0b6bb521e52a99abf5ac1017302da014d37296619078d42d9edf5d86d137f63
- SHA512
  
  0b8788c858c35e0f8f56d552518adb71c847240f6d7c199243e046c4c2e2ae32cb035a0bc5098631656c5d7d772be4fdfdc6a4e19e00092fb3eb09044998be97
- SSDEEP
  
  192:jKsAWXvf+AxcTC6xFrnT5xoqMSqzqqJocD/HCtVWAc3XTEqx2CvAPhz:9Z/f+XT/xBwqMSqeqqcmUDhKhz
Score

3^/10

discovery
behavioral1
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/NCC3.dll
- Size
  
  72KB
- MD5
  
  aa84f91edd922e7b3bb979e663c94f1a
- SHA1
  
  da46b9962a6c6cceef38c3e11b8b5bc9c1b536fa
- SHA256
  
  38274608d5a4b53ec22f8099f798ba46ce0ed41db65a33dfb3853f0dbf849f6f
- SHA512
  
  88392fc77a0300ece306908867be38011530d9eefdf003452ba86d82f2fa4a61c2b27a199f376ac307c095beaa4f52cefcab59c8b28fa187c0bca13f55f2d98b
- SSDEEP
  
  1536:a44UF/3qab79HtYDAD5MPEBq9iNv6qfSOBHfVW:a44G3fRMPiuuv6qqOBHfVW
Score

3^/10

discovery
behavioral2
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/NCCheck.dll
- Size
  
  162KB
- MD5
  
  569052631a6b80c1c6a336c10c978b02
- SHA1
  
  4bc411b19536c90a6ea0917d7d93f3f6560ee6f0
- SHA256
  
  c41cd461470ff3c936e225cea37e5190cb06e3cd70a3d76ca8e5d3aceead5493
- SHA512
  
  d0e251973a0c6b3fecaa41d9042c7001e4e9e20484fe2ed9ed1ce04a416952054cb010bff6643c0fa093ac60bbe079c11ba0d6f9699224a3db7a56fdbc4f7f69
- SSDEEP
  
  3072:iW3Hj+g/SFOANotkow8WZT75Izm04x7RP+iH3D1VIkB5XFu9H:v36gp5tk5Nx1P+iH3D1VIk6
Score

3^/10

discovery
behavioral3
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/VS08ReactorAddin.dll
- Size
  
  133KB
- MD5
  
  b4c1e8023be1bd3af8425885ed5d02ce
- SHA1
  
  0d6e7eb3f8a6a442d7f7c030ddb0bdc5d907deed
- SHA256
  
  1952313f3a5c3b4e7a1269238dc070301c356bfb876471332d6439b6d3eefd12
- SHA512
  
  be0dec723b045afba3799435329b4c6dfa19997a4ba23725236f449990392f8531574eef1bf786bcf36777e7b72314d7210ed9e5508b114ae9a4112613436401
- SSDEEP
  
  1536:J1Ep+y0dr95DbEX1sJOSJCZQweMdYU+ZQweMdYU9:HS+y01fbEX+JOk
Score

1^/10
behavioral4
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/VS13ReactorAddin.dll
- Size
  
  134KB
- MD5
  
  11ca1dfec3eaef207f6393d307cd5815
- SHA1
  
  c3e8d5267c6c295a0124dd396026ab07bf28ab09
- SHA256
  
  5e0efbda4f047575e7b7cd0ef047bddc7b05d5225f4a98a7d1ac93e28471e742
- SHA512
  
  bcac4268e3baf11ae8b8a87d6227f36b3c998040ef5301da5fd24e273d04827a74a5e027feb11decfddacfed2bbd2f86889fde63acf4e5c5c8adbc0e1b7ec935
- SSDEEP
  
  1536:xNfSLgOxb0fEonTpODxuHfr97OCzF1KRsNVpbdTRkr1sJOSJ4ZQweMdYUsZQweMc:xtScE8TIDefr97jFARsfpbd14+JOL
Score

1^/10
behavioral5
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/VSReactorAddin.dll
- Size
  
  97KB
- MD5
  
  afc9814513e9cfb6a7905f1e6186e195
- SHA1
  
  641c75d7f0891fe5a4007b57cff863ee667a6d29
- SHA256
  
  a2629e2c3bf06260116bd88b07a8ee4fc8846367c9d8de53608ad5b4aadeb9db
- SHA512
  
  34ec4738c20b16fb22f600b0be84647a127d7c134365d53e78b8b3fcc5b38a4a91390503fd4d445b439831fe0fbd4a5bfa70216dc53c8df5daaa2b9f084a5f50
- SSDEEP
  
  1536:mnQAvDNONuHEEJTRkfLCbZGCZQweMdYUA1sJOSJE:lAvJKukYdkObZGt+JOt
Score

1^/10
behavioral6
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/dotNET_Reactor.Console.exe
- Size
  
  14KB
- MD5
  
  0b4dbf61a98f3e34cdd3a1b08a6a4609
- SHA1
  
  73587f1f5d040541b230513d22d696513dbd4cf9
- SHA256
  
  e817802f166662a7df0b144571354d74b10e34d120f91ae9d84ca3ba925241c6
- SHA512
  
  7cca370890e4e245c84507623531b5f54b76ced3e8c6b87cdfc47ed16560b6a0a5cf9e0556075cd0d9266908e445b854114edd69d50870839624589676c0e688
- SSDEEP
  
  192:8jY53csvsqHwrHEdSAejbMfDn1Gp78dsKGXOdlWW1ksTkwy:8jEnskskQlm1GRJKGXOdlWW1XTR
Score

7^/10

discovery
- Loads dropped DLL
behavioral7
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/dotNET_Reactor.exe
- Size
  
  5.8MB
- MD5
  
  7429e30caa2a8b41d926ffef1a05b347
- SHA1
  
  32abbd56225cd7379bb1cca8f6749d43916efe2b
- SHA256
  
  1efc5368bcd9704d7df85e2e143936d6ee4509ac31a7ca6d3eb4cf3b18c5ef27
- SHA512
  
  55243a97d9a7fcd43d531bb61615e734c8bfea242f6e28d67ce09cee586d032d83709a3b8c4ecf9b567252a53d1dad1853aca669316aa2ae62422386156b77c1
- SSDEEP
  
  49152:VoMLez0fgPdLl8HC5IaKSihCwc0YMOBf7BfKjGO+XYSaqNuT1i:Vy0fgPVwy70GUO
Score

7^/10

discovery
- Loads dropped DLL
behavioral8
- Target
  
  Quasar Golden Edition 1.4.1.0/Include/mpress.exe
- Size
  
  101KB
- MD5
  
  8b632bfc3fe653a510cba277c2d699d1
- SHA1
  
  d6a57aa17e5eb51297def9bac04e574c1e36d9c7
- SHA256
  
  2852680c94a9d68cdab285012d9328a1ceca290db60c9e35155c2bb3e46a41b4
- SHA512
  
  b9ea70ed984d3b4a42eceb9f34f222b722c4c1985b79b368d769fe0fd1f19f037ffebe2cf938aa98ed450337836a7469d911848448d99223995f7fb3a9304587
- SSDEEP
  
  3072:S0+mlNniJkkKcfqBOb65VgB183gUGQ340HpL:SvmlNn4kkeOAVA1rUGh0Hp
Score

3^/10

discovery
behavioral9
- Target
  
  Quasar Golden Edition 1.4.1.0/Mono.Cecil.dll
- Size
  
  277KB
- MD5
  
  8df4d6b5dc1629fcefcdc20210a88eac
- SHA1
  
  16c661757ad90eb84228aa3487db11a2eac6fe64
- SHA256
  
  3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e
- SHA512
  
  874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174
- SSDEEP
  
  6144:iYOMWAEq+PAEwGQ9Xivs0s4EtS1Fv8jnLKdFvkPo2:AG+PpjQSHv8jA
Score

1^/10
behavioral10
- Target
  
  Quasar Golden Edition 1.4.1.0/Mono.Nat.dll
- Size
  
  40KB
- MD5
  
  bf929442b12d4b5f9906b29834bf7db1
- SHA1
  
  810a2b3c8e548d1df931538bc304cc1405f7a32b
- SHA256
  
  b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0
- SHA512
  
  9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828
- SSDEEP
  
  768:yoVesKx0V2LpibQJxoKUDHj560aSX3zlJAO:lVespQibC+H56k3fF
Score

1^/10
behavioral11
- Target
  
  Quasar Golden Edition 1.4.1.0/Quasar Golden Editionx.exe
- Size
  
  7.7MB
- MD5
  
  bb8b1f45d98a13e966973ca0eeefad9d
- SHA1
  
  f9393120df22a00ac7d4cdaad466d337b891bbec
- SHA256
  
  650f145e45a4b6f9a953f69df1d919bceaa3962c29d0a07ab7102afcf85a6930
- SHA512
  
  592c541a6dbf9aa02ffd6566f49bfe7b30ec6d51f116e3a36af10beb4412666b4f5ad7a75716af11757e7f5bd22fc909db18ab38df26af0e0e093e09ce9489e1
- SSDEEP
  
  196608:7JWQb/GQDd3JjPOVXRzPHGHR/kGlZ1I8GXPYl:9WQbr5uX5PHGx/P13Gf
Score

10^/10

xmrig defense_evasion evasion miner persistence privilege_escalation
- Xmrig family
  xmrig
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Indicator Removal: Clear Persistence
  Clear artifacts associated with previously established persistence like scheduletasks on a host.
  defense_evasion
- Drops file in System32 directory
behavioral12
- Target
  
  Quasar Golden Edition 1.4.1.0/Vestris.ResourceLib.dll
- Size
  
  76KB
- MD5
  
  64e9cb25aeefeeba3bb579fb1a5559bc
- SHA1
  
  e719f80fcbd952609475f3d4a42aa578b2034624
- SHA256
  
  34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993
- SHA512
  
  b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c
- SSDEEP
  
  1536:5Z0R489PUoltCY19T7Uf5DYoRvtkA2MNmjYgGKeK9jXGYWs:L0R489PUeCy7Uf5pVCMwjVG/K9jp
Score

1^/10
behavioral13
- Target
  
  Quasar Golden Edition 1.4.1.0/client.bin
- Size
  
  278KB
- MD5
  
  19a3ab679df06aaff3d972cd014ca769
- SHA1
  
  fec74fcf958bd3effa02ae046308961f6a79cc54
- SHA256
  
  3ae294870c3f566d1fa8d05c04930b6a60569d23c4341dd1033f41530a3e8e6d
- SHA512
  
  41206553caab7a86e3ecc0e38a75ead6a74a5be358c53ee3a4902a367999409de8d381460ed3a20b9469c44667d1778bf7bd6fed728fc404c6c7e24afb5f589b
- SSDEEP
  
  3072:Ha0HvWfZu5YLCQ0eiGXkvg3TRP4QpaFtdwlj/jDLfXeLepb0t7mAq/37ua/C6Pee:9pQRiGXkIjRPZpYfwlTTXeypb0tqAaT
Score

10^/10

quasar discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral14