quasar | b3c3b561ccbf7495fad802c6fd079b90a26964d01a7340ebd4d9c1e4bc1a6a52 | Triage

Sharing

General

Target

b3c3b561ccbf7495fad802c6fd079b90a26964d01a7340ebd4d9c1e4bc1a6a52N.exe
Size

3.1MB
Sample

241205-zxbjassjds
MD5

94da5dd6f7a50b3d660f3471d19ccdc0
SHA1

52693e5d3106eaf45a139dc460795ef1ae1173a5
SHA256

b3c3b561ccbf7495fad802c6fd079b90a26964d01a7340ebd4d9c1e4bc1a6a52
SHA512

959e569dac00260e5774a89018abb579731f67e22f8da001bfdf74cfa9252a0e9998c436b2d720121c5474de13a896647579bf7ced91ad84aa9b7ac5e58de07f
SSDEEP

49152:av/lL26AaNeWgPhlmVqvMQ7XSKPHgMtDw48coGdMTHHB72eh2NT:avNL26AaNeWgPhlmVqkQ7XSKPAMJ

Score

10^/10

quasar database spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

database

C2

91.160.181.237:4782

91.160.181.237:4783

Mutex

bcda0faa-47b1-4e7d-be7c-8ff6fbc69a61

Attributes

encryption_key
65940F11374651C87E8131C4328E542AEFE6F05D
install_name
Runtlme Broker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Runtlme Broker
subdirectory
Runtlme Broker

Targets

- Target
  
  b3c3b561ccbf7495fad802c6fd079b90a26964d01a7340ebd4d9c1e4bc1a6a52N.exe
- Size
  
  3.1MB
- MD5
  
  94da5dd6f7a50b3d660f3471d19ccdc0
- SHA1
  
  52693e5d3106eaf45a139dc460795ef1ae1173a5
- SHA256
  
  b3c3b561ccbf7495fad802c6fd079b90a26964d01a7340ebd4d9c1e4bc1a6a52
- SHA512
  
  959e569dac00260e5774a89018abb579731f67e22f8da001bfdf74cfa9252a0e9998c436b2d720121c5474de13a896647579bf7ced91ad84aa9b7ac5e58de07f
- SSDEEP
  
  49152:av/lL26AaNeWgPhlmVqvMQ7XSKPHgMtDw48coGdMTHHB72eh2NT:avNL26AaNeWgPhlmVqkQ7XSKPAMJ
Score

10^/10

quasar database spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardatabasespywaretrojan

behavioral2

quasardatabasespywaretrojan