quasar | 7908bdb7ba08f8c9b9aafbf113b51dd379ae4d43a89e4b8bc3801159ed10d71f | Triage

Submit
Reports

Overview

overview

Static

static

3

Universal.exe

windows10-2004-x64

Resubmissions

08-12-2024 00:34

241208-aw2xesxrbl 10

08-12-2024 00:33

241208-awe3nasmfx 10

Sharing

General

Target

Universal.exe
Size

9.0MB
Sample

241208-awe3nasmfx
MD5

b16206b1cf5cf25c38414b3f1b369539
SHA1

5382e726725987acf9fc44b722b88a7c244696ae
SHA256

7908bdb7ba08f8c9b9aafbf113b51dd379ae4d43a89e4b8bc3801159ed10d71f
SHA512

5c990213c23f9087a1cd8caa3d78d938901d50a7a322c3fb5969386a5a3f4e27f9c283eb68f46bbed7fe537dc349d0db9ca62f313317c225b1ee5ab90db8a931
SSDEEP

196608:HllOb99rpYB/HGe2s2em9572gugYlNVtrIb8bVKj8xeF:HutYB/mU2euqn28Yj8x+

Score

10^/10

quasar universal discovery pyinstaller spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Universal.exe

Resource

win10v2004-20241007-en

quasar universal discovery pyinstaller spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Universal

C2

gfwrfwerfewfeq-54402.portmap.host:54402

Mutex

d4a39711-3adb-4df8-aadd-f34e6b8e20aa

Attributes

encryption_key
2C237F672DAC6A3056F8BA2A735CF3147385D6C7
install_name
Aimmy.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Clean Boot
subdirectory
WindowsSecurityInfo

Targets

- Target
  
  Universal.exe
- Size
  
  9.0MB
- MD5
  
  b16206b1cf5cf25c38414b3f1b369539
- SHA1
  
  5382e726725987acf9fc44b722b88a7c244696ae
- SHA256
  
  7908bdb7ba08f8c9b9aafbf113b51dd379ae4d43a89e4b8bc3801159ed10d71f
- SHA512
  
  5c990213c23f9087a1cd8caa3d78d938901d50a7a322c3fb5969386a5a3f4e27f9c283eb68f46bbed7fe537dc349d0db9ca62f313317c225b1ee5ab90db8a931
- SSDEEP
  
  196608:HllOb99rpYB/HGe2s2em9572gugYlNVtrIb8bVKj8xeF:HutYB/mU2euqn28Yj8x+
Score

10^/10

quasar universal discovery pyinstaller spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaruniversaldiscoverypyinstallerspywaretrojan

© 2018-2024

Terms | Privacy