quasar | fdfd4e8e4eb78853bf8bbdcdf575b30009608d295e1ab972f8f4fc9e002ad1db | Triage

Sharing

General

Target

R8GHS_Client-built.exe_obf.bat
Size

4.8MB
Sample

241201-3ekwssslfl
MD5

0ea9a510475daf6eb6499a876dade6c2
SHA1

6b2414fc97ff2aa43a561d3110ec3e5017ca87ec
SHA256

fdfd4e8e4eb78853bf8bbdcdf575b30009608d295e1ab972f8f4fc9e002ad1db
SHA512

b94b96765df14ee5ca7617f98b2e5750ad361193f435c7d9e0a6c9f7a775cfd70c7960c522a055d69125652ce070c2281e29ccd120b00d5748c5aa4587ea494a
SSDEEP

49152:6xA1np9ExTwHISa8/DNhtJJMJYz4xkFjyfgxLHRvs24CJMBDU78RH:k

Score

10^/10

quasar fr execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

fr

C2

127.0.0.1:61875

Mutex

de3f242e-9b27-4bcc-b108-2b89973fa679

Attributes

encryption_key
A9E1D2CBD6699561DDC6C38CE5B7E79D283DC83E
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  R8GHS_Client-built.exe_obf.bat
- Size
  
  4.8MB
- MD5
  
  0ea9a510475daf6eb6499a876dade6c2
- SHA1
  
  6b2414fc97ff2aa43a561d3110ec3e5017ca87ec
- SHA256
  
  fdfd4e8e4eb78853bf8bbdcdf575b30009608d295e1ab972f8f4fc9e002ad1db
- SHA512
  
  b94b96765df14ee5ca7617f98b2e5750ad361193f435c7d9e0a6c9f7a775cfd70c7960c522a055d69125652ce070c2281e29ccd120b00d5748c5aa4587ea494a
- SSDEEP
  
  49152:6xA1np9ExTwHISa8/DNhtJJMJYz4xkFjyfgxLHRvs24CJMBDU78RH:k
Score

10^/10

execution quasar fr spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarfrexecutionspywaretrojan