quasar | e8156e44befb5335f9c18acdd0d428c3a8fa316546a71fbbbd2c64c08f697a3e | Triage

Submit
Reports

Overview

overview

Static

static

RegEdit.exe

windows10-ltsc 2021-x64

Sharing

General

Target

RegEdit.exe
Size

3.1MB
Sample

241127-a79fmsvmcr
MD5

bfacb0c11a720d61c03412d7f68fb8df
SHA1

06c5304b3d6d75734ae3f8f30c9486dd855f0335
SHA256

e8156e44befb5335f9c18acdd0d428c3a8fa316546a71fbbbd2c64c08f697a3e
SHA512

89a8dcf157e7b390f946925273d34c3f6bf2cdef62e2908f96ceb64e4dbd12d5cb353c7b0e2a37ff59187dd33d3c95ab640295c433ff8e4df760baca3a127cda
SSDEEP

49152:uvHI22SsaNYfdPBldt698dBcjHqEFlymzknoGd9UTHHB72eh2NT:uvo22SsaNYfdPBldt6+dBcjHqEFlE

Score

10^/10

quasar dumby bo got ratted lolol spyware trojan

Static task

static1

dumby bo got ratted lolol quasar

3 signatures

Behavioral task

behavioral1

Sample

RegEdit.exe

Resource

win10ltsc2021-20241023-en

quasar dumby bo got ratted lolol spyware trojan

windows10-ltsc 2021-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

dumby bo got ratted LOLOL

C2

p-surplus.gl.at.ply.gg:7938

Mutex

6f229673-e6d0-41b5-a1e4-1cbc29eeffd8

Attributes

encryption_key
84EEFDB37698E582E7732B4568EC490426D1D6DF
install_name
d1aler.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Java updater
subdirectory
SubDir

Targets

- Target
  
  RegEdit.exe
- Size
  
  3.1MB
- MD5
  
  bfacb0c11a720d61c03412d7f68fb8df
- SHA1
  
  06c5304b3d6d75734ae3f8f30c9486dd855f0335
- SHA256
  
  e8156e44befb5335f9c18acdd0d428c3a8fa316546a71fbbbd2c64c08f697a3e
- SHA512
  
  89a8dcf157e7b390f946925273d34c3f6bf2cdef62e2908f96ceb64e4dbd12d5cb353c7b0e2a37ff59187dd33d3c95ab640295c433ff8e4df760baca3a127cda
- SSDEEP
  
  49152:uvHI22SsaNYfdPBldt698dBcjHqEFlymzknoGd9UTHHB72eh2NT:uvo22SsaNYfdPBldt6+dBcjHqEFlE
Score

10^/10

quasar dumby bo got ratted lolol spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

dumby bo got ratted lololquasar

behavioral1

quasardumby bo got ratted lololspywaretrojan

© 2018-2024

Terms | Privacy