Overview

overview

10

Static

static

3

5e80f12a0c...f8.exe

windows7-x64

10

5e80f12a0c...f8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e80f12a0c97e2df597c4f5029821ed77d30c42835db6190e6b6ba556d1987f8.exe

  • Size

    498KB

  • Sample

    241207-k61r8a1qdk

  • MD5

    0b289f42527f29b5080b2c27f1b81abc

  • SHA1

    b4609368985d9c37c5b3b1bed3098360a7e2bd52

  • SHA256

    5e80f12a0c97e2df597c4f5029821ed77d30c42835db6190e6b6ba556d1987f8

  • SHA512

    0af17966a2b3291f25dac48600360ae59f3e235162f9c3b5cb676a331089ac52e33e228df0b4471b946d2934cf0d4a880392f7b8690485741b2426474b7289e4

  • SSDEEP

    12288:3bTrOWFYTzFpaioEoKibiDfq1NznYtK++0AY8fV2Ex82HzlGnmtwa4JwaC1rFDZU:rOWFepgio59nMKj0ABV2+Y7J1H

Score
10/10
quasardiscoveryspywaretrojan

Malware Config

Targets

    • Target

      5e80f12a0c97e2df597c4f5029821ed77d30c42835db6190e6b6ba556d1987f8.exe

    • Size

      498KB

    • MD5

      0b289f42527f29b5080b2c27f1b81abc

    • SHA1

      b4609368985d9c37c5b3b1bed3098360a7e2bd52

    • SHA256

      5e80f12a0c97e2df597c4f5029821ed77d30c42835db6190e6b6ba556d1987f8

    • SHA512

      0af17966a2b3291f25dac48600360ae59f3e235162f9c3b5cb676a331089ac52e33e228df0b4471b946d2934cf0d4a880392f7b8690485741b2426474b7289e4

    • SSDEEP

      12288:3bTrOWFYTzFpaioEoKibiDfq1NznYtK++0AY8fV2Ex82HzlGnmtwa4JwaC1rFDZU:rOWFepgio59nMKj0ABV2+Y7J1H

    Score
    10/10
    quasardiscoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks