quasar | 47a15a0aac65d13a6584ef7fc87a0cddb29fdf65c8a91953d34ab246526d119c | Triage

Sharing

General

Target

47a15a0aac65d13a6584ef7fc87a0cddb29fdf65c8a91953d34ab246526d119c.exe
Size

876KB
Sample

241125-r8d5ka1rg1
MD5

b86b4d4fd31a31c1f0928ceb0483021e
SHA1

05391d6db90e961e02d2b16166572e9061768282
SHA256

47a15a0aac65d13a6584ef7fc87a0cddb29fdf65c8a91953d34ab246526d119c
SHA512

ea9b80462539b41d786d1566b71c847afe33adac8971016406bee37efa64f8f460d0578a9374cf3adeb9862047705f756eafb39d2a57746f56b7ad907f1922f4
SSDEEP

12288:6COzWsvIDqNc4Gqu7x5BRd6CMWMpFY0wjTyE9OXcg6VpUoME4KN6eclg5QUC:BOzxiqgjx5TddMWM0/83UDMTKgwC

Score

10^/10

quasar aoy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

AOY

C2

87.120.120.27:61540

127.0.0.1:61540

87.121.86.205:61541

Mutex

QSR_MUTEX_NOCv4TURf46HbVbxyc

Attributes

encryption_key
fVsndNhImy9VosyZSQbQ
install_name
updates.exe
log_directory
Logs
reconnect_delay
4000
startup_key
Windows Update
subdirectory
Windows

Targets

- Target
  
  47a15a0aac65d13a6584ef7fc87a0cddb29fdf65c8a91953d34ab246526d119c.exe
- Size
  
  876KB
- MD5
  
  b86b4d4fd31a31c1f0928ceb0483021e
- SHA1
  
  05391d6db90e961e02d2b16166572e9061768282
- SHA256
  
  47a15a0aac65d13a6584ef7fc87a0cddb29fdf65c8a91953d34ab246526d119c
- SHA512
  
  ea9b80462539b41d786d1566b71c847afe33adac8971016406bee37efa64f8f460d0578a9374cf3adeb9862047705f756eafb39d2a57746f56b7ad907f1922f4
- SSDEEP
  
  12288:6COzWsvIDqNc4Gqu7x5BRd6CMWMpFY0wjTyE9OXcg6VpUoME4KN6eclg5QUC:BOzxiqgjx5TddMWM0/83UDMTKgwC
Score

10^/10

quasar aoy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaraoydiscoveryspywaretrojan

behavioral2

quasaraoydiscoveryspywaretrojan