quasar | 2c13c16331719db777e6d391eb027e47a12c8e6a0cc36e15d7c4003e841997d1 | Triage

Submit
Reports

Overview

overview

Static

static

svchost.exe

windows7-x64

svchost.exe

windows10-2004-x64

Sharing

General

Target

svchost.exe
Size

3.1MB
Sample

241129-xrb7jawlcr
MD5

27fbdbdac166ee53df824d4e2a1807a0
SHA1

2df4cdbb8cc5861277fbaf1db7790fbd5112137b
SHA256

2c13c16331719db777e6d391eb027e47a12c8e6a0cc36e15d7c4003e841997d1
SHA512

50d5e8309e4a8f00838026b5917c3aed5c7191d9b464e798859251ac55bd5c6b7219811e9be3766a2166dee97cc845e16bfe9a2a7253c0466956b6e656551f14
SSDEEP

49152:vvHI22SsaNYfdPBldt698dBcjHQ2xE1v4LoG/kTHHB72eh2NT:vvo22SsaNYfdPBldt6+dBcjHQ2xH

Score

10^/10

quasar user01 spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

svchost.exe

Resource

win7-20241023-en

quasar user01 spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

svchost.exe

Resource

win10v2004-20241007-en

quasar user01 spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

User01

C2

hello383-37009.portmap.host:37009

Mutex

108151be-6bee-4922-a809-562bf18e7d5c

Attributes

encryption_key
2CF5E13B7455B67B54A919C41B45066DC7333545
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
systemapps

Targets

- Target
  
  svchost.exe
- Size
  
  3.1MB
- MD5
  
  27fbdbdac166ee53df824d4e2a1807a0
- SHA1
  
  2df4cdbb8cc5861277fbaf1db7790fbd5112137b
- SHA256
  
  2c13c16331719db777e6d391eb027e47a12c8e6a0cc36e15d7c4003e841997d1
- SHA512
  
  50d5e8309e4a8f00838026b5917c3aed5c7191d9b464e798859251ac55bd5c6b7219811e9be3766a2166dee97cc845e16bfe9a2a7253c0466956b6e656551f14
- SSDEEP
  
  49152:vvHI22SsaNYfdPBldt698dBcjHQ2xE1v4LoG/kTHHB72eh2NT:vvo22SsaNYfdPBldt6+dBcjHQ2xH
Score

10^/10

quasar user01 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaruser01spywaretrojan

behavioral2

quasaruser01spywaretrojan

© 2018-2025

Terms | Privacy