quasar | 92db8e4b3d6b4d90a8959bd647f0b928e3cb98c5c4cb1e757b187baba1379f83 | Triage

Sharing

General

Target

RFQ7-82927766783 WF242183 TRGR-989789-875473657.xlsx.arj
Size

34KB
Sample

241125-rfaaxazpht
MD5

0dcf1c8d2873642fb3cc75a5fc8a2f52
SHA1

bee2d530adf9fa1d006d6763bffa7376ac7406df
SHA256

92db8e4b3d6b4d90a8959bd647f0b928e3cb98c5c4cb1e757b187baba1379f83
SHA512

e90d90af17ee1968056ed431f9adae4bad888aa7e1c2f7c0bb657b2055c716823ae46aad3c339a80996c7ea164577fd51c513efa03bea353ac9c13807163f77f
SSDEEP

768:SYObJc37S/V5tikOc5GVDL9nCo85Kh5bUAhMiJH8CeMw:SCgEkOb3IKh5bUAK0HJLw

Score

10^/10

quasar chi discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

chi

C2

ert43w221.ydns.eu:6298

Mutex

db1ec7b2-f77c-4b56-b5fd-a1430b0b26b9

Attributes

encryption_key
799E5C34BA6EC18D72E269D0C5CF1A5AC1AD9277
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Targets

- Target
  
  RFQ7-82927766783 WF242183 TRGR-989789引流管中性.xlsx.exe
- Size
  
  82KB
- MD5
  
  5405c36dca0a57d8a6632550b0cba212
- SHA1
  
  9f487e0902b7c39a4c4dd8dd9e918dc3dc10245c
- SHA256
  
  8d429a2e8f8b5403c44cb7597598c2ba18a40ccb464f2997426d3eefbbd888c0
- SHA512
  
  c699a965e289613d31f699494328f9570abc61ea437ab199afbb266c923c9383c366e3f4bec1de27614f2d9672de5449ee39e0d3614df3f315a2b64fad2e8e6b
- SSDEEP
  
  1536:eKPDl0ZVabbkg9ot5dR7GqPoS95sRvWQONAjzGX+:eKPDOZVEbkg6lKC0eBNAjzV
Score

10^/10

discovery quasar chi spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarchidiscoveryspywaretrojan