quasar | 501786d49303e7084656630f4bb87720b54ece67a076301085ed691105015b95 | Triage

Submit
Reports

Overview

overview

Static

static

spoofer.exe

windows7-x64

spoofer.exe

windows10-2004-x64

Sharing

General

Target

spoofer.exe
Size

3.1MB
Sample

241130-avnneatrax
MD5

062594a09e54ec44201297cfc273347d
SHA1

c5bc740dd3c184c11d6bf4d79a2171f5cb2cd27b
SHA256

501786d49303e7084656630f4bb87720b54ece67a076301085ed691105015b95
SHA512

a9ed40475b5ebf2e88534cc41793e10cf344c46e19e2e4c6a6ab344b9806144c93910d6fd604470d1aff9e667fd95b14bd54b0b3d3882c9a3d51a680c7f653c9
SSDEEP

49152:7vGvE2H5aweBHPbl6T/yGaqA6/WAe2EGHgk/uVKoGdlTHHB72eh2NT:7v0E2H5aweBHPbl6T/DaqA6/WAeTc

Score

10^/10

quasar sw_spoofer spyware trojan

Static task

static1

sw_spoofer quasar

3 signatures

Behavioral task

behavioral1

Sample

spoofer.exe

Resource

win7-20240903-en

quasar sw_spoofer spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

spoofer.exe

Resource

win10v2004-20241007-en

quasar sw_spoofer spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Sw_Spoofer

C2

192.168.68.137:443

192.168.68.132:443

92.221.125.55:443

192.168.68.128:443

superwhomp.hopto.org:443

Mutex

501920dc-6c9c-426e-ba5a-a2a5412277dd

Attributes

encryption_key
5CB2755608EFDB1313EF4F2ACEA101833F5AEE2B
install_name
Runtime Broker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System
subdirectory
SubDir

Targets

- Target
  
  spoofer.exe
- Size
  
  3.1MB
- MD5
  
  062594a09e54ec44201297cfc273347d
- SHA1
  
  c5bc740dd3c184c11d6bf4d79a2171f5cb2cd27b
- SHA256
  
  501786d49303e7084656630f4bb87720b54ece67a076301085ed691105015b95
- SHA512
  
  a9ed40475b5ebf2e88534cc41793e10cf344c46e19e2e4c6a6ab344b9806144c93910d6fd604470d1aff9e667fd95b14bd54b0b3d3882c9a3d51a680c7f653c9
- SSDEEP
  
  49152:7vGvE2H5aweBHPbl6T/yGaqA6/WAe2EGHgk/uVKoGdlTHHB72eh2NT:7v0E2H5aweBHPbl6T/DaqA6/WAeTc
Score

10^/10

quasar sw_spoofer spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

sw_spooferquasar

behavioral1

quasarsw_spooferspywaretrojan

behavioral2

quasarsw_spooferspywaretrojan

© 2018-2025

Terms | Privacy