Extracted

• • Target

    33c16415bb86e33f9c9b5e37a20b875df320cc40f5a1d8d7c067279f1ca04b4bN.exe

  • Size

    3.8MB

  • MD5

    74eda795d396603a1b46b93eb10d72f0

  • SHA1

    5ef9985f0ebb66336125f4751c7da012582c9dd4

  • SHA256

    33c16415bb86e33f9c9b5e37a20b875df320cc40f5a1d8d7c067279f1ca04b4b

  • SHA512

    ef87c84b8d8238d8cbf58b2db4f06cabcd9f5c6471e73d5c30f877084586045dbe9ee47ac275bf59d37b66b9aa2a41809561d0aa3dcae43400c0f1537c5668c4

  • SSDEEP

    98304:CUBpeT0riOfERBGWQMYEUDPeuetEnEP4UTfGpFvMvh1u:CUBpeT0unRPQhCuMKUbGpxch1u

  Score

  10^/10

  quasar26-11discoveryspywaretrojanstealer

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2