quasar | f6b0fc6a5f4a112d39fcd842b40ed94d1b5ce5497740a203d387f8b8671e6197 | Triage

Submit
Reports

Overview

overview

Static

static

Virus4.exe

windows7-x64

Virus4.exe

windows10-2004-x64

Sharing

General

Target

Virus4.exe
Size

348KB
Sample

241129-eacsmaypdn
MD5

6c4612f6b207a0eb617b398da7b7f59d
SHA1

34619dc1f2d62f62860d101652a0e150cd4bf817
SHA256

f6b0fc6a5f4a112d39fcd842b40ed94d1b5ce5497740a203d387f8b8671e6197
SHA512

5c8d3c5311f94732bda158ff10c7c6e88581972cd7271a548c6db1db90fed4fc531c9fcc57b9910b0ac863db305b9d455916da710b5b97181b604bce70685bc7
SSDEEP

6144:t16bPXhLApfp/eJ3NP9rVD6ykbgD/IuU8dIVlF7rPa:fmhApkJJ9rVDNjTIuUGIx7rPa

Score

10^/10

quasar hackeado papu discovery spyware trojan

Static task

static1

hackeado papu quasar

3 signatures

Behavioral task

behavioral1

Sample

Virus4.exe

Resource

win7-20241010-en

quasar hackeado papu discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Virus4.exe

Resource

win10v2004-20241007-en

quasar hackeado papu discovery spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

hackeado papu

C2

dbxs31c.localto.net:3491

Mutex

QSR_MUTEX_Da9VX0BUJqFSTadPhi

Attributes

encryption_key
I8mNHC6UK41sX6rFwFmk
install_name
Windows.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows
subdirectory
SubDir

Targets

- Target
  
  Virus4.exe
- Size
  
  348KB
- MD5
  
  6c4612f6b207a0eb617b398da7b7f59d
- SHA1
  
  34619dc1f2d62f62860d101652a0e150cd4bf817
- SHA256
  
  f6b0fc6a5f4a112d39fcd842b40ed94d1b5ce5497740a203d387f8b8671e6197
- SHA512
  
  5c8d3c5311f94732bda158ff10c7c6e88581972cd7271a548c6db1db90fed4fc531c9fcc57b9910b0ac863db305b9d455916da710b5b97181b604bce70685bc7
- SSDEEP
  
  6144:t16bPXhLApfp/eJ3NP9rVD6ykbgD/IuU8dIVlF7rPa:fmhApkJJ9rVDNjTIuUGIx7rPa
Score

10^/10

quasar hackeado papu discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

hackeado papuquasar

behavioral1

quasarhackeado papudiscoveryspywaretrojan

behavioral2

quasarhackeado papudiscoveryspywaretrojan

© 2018-2025

Terms | Privacy