quasar | 364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2 | Triage

Submit
Reports

Overview

overview

Static

static

3

364bced583...b2.exe

windows7-x64

364bced583...b2.exe

windows10-2004-x64

Sharing

General

Target

364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2.exe
Size

480KB
Sample

241126-vhj5nswpcm
MD5

e556f54617292b377654a8c2f6016498
SHA1

ff3326d42c53b021fcd38d24f08a2d637623e538
SHA256

364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2
SHA512

3e7e00f9247649f8768d05058388882f249c11ab46610bd1aaf581436d01d55f117d2d61818540a449fe67ea1d3ff49cea62d0bf915dea100a7c77d7656e4c36
SSDEEP

12288:iww6xvH9M3Ir55+JpWQbe6Ef4D+2u+4gnflehWv:inKP9M4r55+JAQGf4D+2tleAv

Score

10^/10

quasar svchost.exe discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2.exe

Resource

win7-20240903-en

quasar svchost.exe discovery spyware trojan

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2.exe

Resource

win10v2004-20241007-en

quasar svchost.exe discovery spyware trojan

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

svchost.exe

C2

23.227.174.82:4782

Mutex

QSR_MUTEX_UtaUPinApnyZsQXsVE

Attributes

encryption_key
hn8U0t79xWv7f03kzG79
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2.exe
- Size
  
  480KB
- MD5
  
  e556f54617292b377654a8c2f6016498
- SHA1
  
  ff3326d42c53b021fcd38d24f08a2d637623e538
- SHA256
  
  364bced583c788ce29ea940ae80375ddc554d631bba03a0f2c2773c116ebabb2
- SHA512
  
  3e7e00f9247649f8768d05058388882f249c11ab46610bd1aaf581436d01d55f117d2d61818540a449fe67ea1d3ff49cea62d0bf915dea100a7c77d7656e4c36
- SSDEEP
  
  12288:iww6xvH9M3Ir55+JpWQbe6Ef4D+2u+4gnflehWv:inKP9M4r55+JAQGf4D+2tleAv
Score

10^/10

quasar svchost.exe discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsvchost.exediscoveryspywaretrojan

behavioral2

quasarsvchost.exediscoveryspywaretrojan

© 2018-2024

Terms | Privacy