quasar | bf07e9ac79ed258fa40f5c00e1b06e88a7648926f9351f4b860352a7d8a1f7ab | Triage

Sharing

General

Target

bf07e9ac79ed258fa40f5c00e1b06e88a7648926f9351f4b860352a7d8a1f7abN.exe
Size

876KB
Sample

241126-wedn6ayjhq
MD5

96ada2b7d27c62da2635104a0b1d71d0
SHA1

8730396d2c4adcb2b2531ca207d3338604622f15
SHA256

bf07e9ac79ed258fa40f5c00e1b06e88a7648926f9351f4b860352a7d8a1f7ab
SHA512

1084cd57f87c6610897711f2107705d9fdfacb402a9ca4cf8624c04d00d6c04cbeb239b6945484387f22e500d8afcda090379bc25f659b0f0b9fd111422b4215
SSDEEP

24576:weKxzRSGSL0v0mMO5PKDRwszHMC8hrAaRKG:BKxVpSL0AiyDysAC8hrZ

Score

10^/10

quasar aoy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

AOY

C2

87.120.120.27:61540

127.0.0.1:61540

87.121.86.205:61541

Mutex

QSR_MUTEX_NOCv4TURf46HbVbxyc

Attributes

encryption_key
fVsndNhImy9VosyZSQbQ
install_name
updates.exe
log_directory
Logs
reconnect_delay
4000
startup_key
Windows Update
subdirectory
Windows

Targets

- Target
  
  bf07e9ac79ed258fa40f5c00e1b06e88a7648926f9351f4b860352a7d8a1f7abN.exe
- Size
  
  876KB
- MD5
  
  96ada2b7d27c62da2635104a0b1d71d0
- SHA1
  
  8730396d2c4adcb2b2531ca207d3338604622f15
- SHA256
  
  bf07e9ac79ed258fa40f5c00e1b06e88a7648926f9351f4b860352a7d8a1f7ab
- SHA512
  
  1084cd57f87c6610897711f2107705d9fdfacb402a9ca4cf8624c04d00d6c04cbeb239b6945484387f22e500d8afcda090379bc25f659b0f0b9fd111422b4215
- SSDEEP
  
  24576:weKxzRSGSL0v0mMO5PKDRwszHMC8hrAaRKG:BKxVpSL0AiyDysAC8hrZ
Score

10^/10

quasar aoy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaraoydiscoveryspywaretrojan

behavioral2

quasaraoydiscoveryspywaretrojan