quasar | 6c8c37a36abed711c096496eb53002120dec75d7784d90f3360ca48d454431dc | Triage

Sharing

General

Target

PATCHER [made by @jd].exe
Size

2.1MB
Sample

241207-e78asswpbx
MD5

30820e492faa5109df2c39bb7fc61d8c
SHA1

01c4eb3c0d90e957bd5f20db51694c7dbe39614e
SHA256

6c8c37a36abed711c096496eb53002120dec75d7784d90f3360ca48d454431dc
SHA512

0d9d5177231011081da3e355c4030c9073371b0d956f2145ead7aa3605ef590dfcd88c154b68c0586b9dab38dabe5286e3d2018e85c38faade3fc4c6309659c7
SSDEEP

49152:kDjlabwz9kAxS1tXXWuXm6oi4PP5iU1rZw5bRTtRQD7M8NSXUiWyZ6QR:0qwLOPXjoieP5iU1VwfJR4NfiWyZ64

Score

10^/10

quasar nezur discovery execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NEZUR

C2

107.136.27.33:10233

Mutex

fff2c6c9-4135-4292-8ffe-7f7aa8dcb732

Attributes

encryption_key
2D1DA0043928941E360CA9DDD7F6E55E0EF46EF7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Steam
subdirectory
SubDir

Targets

- Target
  
  PATCHER [made by @jd].exe
- Size
  
  2.1MB
- MD5
  
  30820e492faa5109df2c39bb7fc61d8c
- SHA1
  
  01c4eb3c0d90e957bd5f20db51694c7dbe39614e
- SHA256
  
  6c8c37a36abed711c096496eb53002120dec75d7784d90f3360ca48d454431dc
- SHA512
  
  0d9d5177231011081da3e355c4030c9073371b0d956f2145ead7aa3605ef590dfcd88c154b68c0586b9dab38dabe5286e3d2018e85c38faade3fc4c6309659c7
- SSDEEP
  
  49152:kDjlabwz9kAxS1tXXWuXm6oi4PP5iU1rZw5bRTtRQD7M8NSXUiWyZ6QR:0qwLOPXjoieP5iU1VwfJR4NfiWyZ64
Score

10^/10

quasar nezur discovery execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarnezurdiscoveryexecutionspywaretrojan

behavioral2