quasar | de6b367a4b3a81fea07cdaa9406b9b70a994581cfae539f5da441268e4be4188 | Triage

Sharing

General

Target

RFQ 9-XTC-204-60THD.xlsx.exe
Size

143KB
Sample

241203-qeenkawraz
MD5

c9951fb84a416c1f329b39b2da482348
SHA1

e250949b96260df94f7c4cce9ef009069690ffe6
SHA256

de6b367a4b3a81fea07cdaa9406b9b70a994581cfae539f5da441268e4be4188
SHA512

1e450fc3fff15facd76ce9ac643e2e0ef2ffad6e18ba54dd70f93968fc984d14f81f8429409ddf25320a2d80df6e240367b2dd49e4793acad2460c158e62c556
SSDEEP

3072:IODxM5DNveAHHY+axlCTo0JLsLbJo9LdtxAuAqdES0m5kJ8QvT5+hM94K2icI7y:IO9M5DNveAHHY+clCU0JLsLb+9LdtxAN

Score

10^/10

quasar chi discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

chi

C2

ert43w221.ydns.eu:6298

Mutex

a9116a3c-c75d-46ba-83b2-70c9a140159e

Attributes

encryption_key
799E5C34BA6EC18D72E269D0C5CF1A5AC1AD9277
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Targets

- Target
  
  RFQ 9-XTC-204-60THD.xlsx.exe
- Size
  
  143KB
- MD5
  
  c9951fb84a416c1f329b39b2da482348
- SHA1
  
  e250949b96260df94f7c4cce9ef009069690ffe6
- SHA256
  
  de6b367a4b3a81fea07cdaa9406b9b70a994581cfae539f5da441268e4be4188
- SHA512
  
  1e450fc3fff15facd76ce9ac643e2e0ef2ffad6e18ba54dd70f93968fc984d14f81f8429409ddf25320a2d80df6e240367b2dd49e4793acad2460c158e62c556
- SSDEEP
  
  3072:IODxM5DNveAHHY+axlCTo0JLsLbJo9LdtxAuAqdES0m5kJ8QvT5+hM94K2icI7y:IO9M5DNveAHHY+clCU0JLsLb+9LdtxAN
Score

10^/10

discovery quasar chi spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarchidiscoveryspywaretrojan