quasar | 01349efa40959e8c4653c93da14f7b11c0a6fbe54894d998970abd46ca701d6e | Triage

Submit
Reports

Overview

overview

Static

static

5

06201f911b...4a.exe

windows7-x64

06201f911b...4a.exe

windows10-2004-x64

Sharing

General

Target

06201f911b2f736433fac73c68b2194a.exe
Size

4.8MB
Sample

241201-2cg7fszmal
MD5

06201f911b2f736433fac73c68b2194a
SHA1

4d7221f72b4b541bb7efb2a36cac419391d532ed
SHA256

01349efa40959e8c4653c93da14f7b11c0a6fbe54894d998970abd46ca701d6e
SHA512

461604e159a010cb97d39ad683aab654d4c56512c2d437f9adcaa7f51a032aec880f0c9641ede195eefb80333d0f4f329e77352856d37b0c34107965535a6b43
SSDEEP

49152:DTvC/MTQYxsWR7a522meghLwOqxEs08Y6m2ZyoblJP6fa:HjTQYxsWRimeghLwPx6GZyobHP

Score

10^/10

quasar 1606 discovery spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

06201f911b2f736433fac73c68b2194a.exe

Resource

win7-20240903-en

quasar 1606 discovery spyware trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

06201f911b2f736433fac73c68b2194a.exe

Resource

win10v2004-20241007-en

quasar 1606 discovery spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

1606

C2

pixels.game-server.cc:1606

Mutex

6d96d222-8b64-4e23-a33e-b2753466d47c

Attributes

encryption_key
0D9465E10679C48F6CD017D507EF5A31654D1928
install_name
Client.exe
log_directory
wLogs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  06201f911b2f736433fac73c68b2194a.exe
- Size
  
  4.8MB
- MD5
  
  06201f911b2f736433fac73c68b2194a
- SHA1
  
  4d7221f72b4b541bb7efb2a36cac419391d532ed
- SHA256
  
  01349efa40959e8c4653c93da14f7b11c0a6fbe54894d998970abd46ca701d6e
- SHA512
  
  461604e159a010cb97d39ad683aab654d4c56512c2d437f9adcaa7f51a032aec880f0c9641ede195eefb80333d0f4f329e77352856d37b0c34107965535a6b43
- SSDEEP
  
  49152:DTvC/MTQYxsWR7a522meghLwOqxEs08Y6m2ZyoblJP6fa:HjTQYxsWRimeghLwPx6GZyobHP
Score

10^/10

quasar 1606 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasar1606discoveryspywaretrojan

behavioral2

quasar1606discoveryspywaretrojan

© 2018-2024

Terms | Privacy