quasar | d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143aceb | Triage

Sharing

General

Target

d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe
Size

5.6MB
Sample

241129-yvp38stmfy
MD5

c549fe02bb65c0c2977c741c7ed4fd80
SHA1

8475e459ba2fe572c53b08c061a5b24e074832a1
SHA256

d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143aceb
SHA512

b51e81d073dc1bbdeea1f0dcf66901f2996faa5f30657e354c0c9271ad0f58ce0cc20744f8287afd81904d10148032038f2bad33e45d49685f7dce73e0a52b3a
SSDEEP

98304:fC0lmUrXmOH9wShg7JrBAwbzWMaA/BcV6LoFU4:flmUjY/rHKAL4U4

Score

10^/10

quasar neuro spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NEURO

C2

51.15.17.193:4782

Mutex

1f6c9ecc-c030-43a4-bbf2-21326400cbb5

Attributes

encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe
- Size
  
  5.6MB
- MD5
  
  c549fe02bb65c0c2977c741c7ed4fd80
- SHA1
  
  8475e459ba2fe572c53b08c061a5b24e074832a1
- SHA256
  
  d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143aceb
- SHA512
  
  b51e81d073dc1bbdeea1f0dcf66901f2996faa5f30657e354c0c9271ad0f58ce0cc20744f8287afd81904d10148032038f2bad33e45d49685f7dce73e0a52b3a
- SSDEEP
  
  98304:fC0lmUrXmOH9wShg7JrBAwbzWMaA/BcV6LoFU4:flmUjY/rHKAL4U4
Score

10^/10

quasar neuro spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarneurospywaretrojan

behavioral2

quasarneurospywaretrojan