Overview

overview

10

Static

static

1

d0d221d0a1...bN.exe

windows7-x64

10

d0d221d0a1...bN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2024 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe

  • Size

    5.6MB

  • MD5

    c549fe02bb65c0c2977c741c7ed4fd80

  • SHA1

    8475e459ba2fe572c53b08c061a5b24e074832a1

  • SHA256

    d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143aceb

  • SHA512

    b51e81d073dc1bbdeea1f0dcf66901f2996faa5f30657e354c0c9271ad0f58ce0cc20744f8287afd81904d10148032038f2bad33e45d49685f7dce73e0a52b3a

  • SSDEEP

    98304:fC0lmUrXmOH9wShg7JrBAwbzWMaA/BcV6LoFU4:flmUjY/rHKAL4U4

Score
10/10
quasarneurospywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NEURO

C2

51.15.17.193:4782

Mutex

1f6c9ecc-c030-43a4-bbf2-21326400cbb5

Attributes
  • encryption_key

    97599F6E5D14A784CC4DD36B18A277119042FDA8

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe
    "C:\Users\Admin\AppData\Local\Temp\d0d221d0a152430a62531fd46b7c1f43721110da2bb3ee2f5688e484b143acebN.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2164-0-0x00007FFD474F3000-0x00007FFD474F5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2164-1-0x0000016422950000-0x0000016422C74000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2164-2-0x00007FFD474F0000-0x00007FFD47FB1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2164-3-0x00007FFD474F0000-0x00007FFD47FB1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2164-4-0x0000016422D60000-0x0000016422DB0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2164-5-0x0000016424AE0000-0x0000016424B92000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2164-8-0x0000016409C30000-0x0000016409C42000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2164-9-0x0000016422E00000-0x0000016422E3C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2164-10-0x00007FFD474F3000-0x00007FFD474F5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2164-11-0x00007FFD474F0000-0x00007FFD47FB1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2164-12-0x00007FFD474F0000-0x00007FFD47FB1000-memory.dmp

    Filesize

    10.8MB

    Download