quasar | 0f19f7f52cd3153147f72eadde474b26ad507715727d9a905a0817e4127fd334 | Triage

Submit
Reports

Overview

overview

Static

static

3

ZulaSpacexHack.exe

windows7-x64

ZulaSpacexHack.exe

windows10-2004-x64

Sharing

General

Target

ZulaSpacexHack.exe
Size

2.2MB
Sample

241208-t8z35stqaj
MD5

7785c52b863e9dae3fac08e3b130bb32
SHA1

d812fe11ca73f802e5dbfa3422c17d88bf59066d
SHA256

0f19f7f52cd3153147f72eadde474b26ad507715727d9a905a0817e4127fd334
SHA512

805aa770dce5b6fe0743d8de53c8b597eed372115f4b93077e5e22d5269f3b3425c01206d17c98f4ad7dae8aa3e001511c2e2bb598628700b804653965b7bc8a
SSDEEP

49152:+/y6Dko0SrLauBl8GGftU2wDRxOUiH6wPsJ1EtA9guyZ:+qW0UBMQxER2iA9guyZ

Score

10^/10

quasar zulaspcx discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ZulaSpacexHack.exe

Resource

win7-20240903-en

quasar zulaspcx discovery spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZulaSpacexHack.exe

Resource

win10v2004-20241007-en

quasar zulaspcx discovery spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

1.4.1

Botnet

zulaspcx

C2

yeniceri99-24578.portmap.io:24578

Mutex

938aa95f-e3d4-483d-9217-ffafea133927

Attributes

encryption_key
3BBA711AB673CCE3CC23338F52513D2C4D42AFEF
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
Windows

Targets

- Target
  
  ZulaSpacexHack.exe
- Size
  
  2.2MB
- MD5
  
  7785c52b863e9dae3fac08e3b130bb32
- SHA1
  
  d812fe11ca73f802e5dbfa3422c17d88bf59066d
- SHA256
  
  0f19f7f52cd3153147f72eadde474b26ad507715727d9a905a0817e4127fd334
- SHA512
  
  805aa770dce5b6fe0743d8de53c8b597eed372115f4b93077e5e22d5269f3b3425c01206d17c98f4ad7dae8aa3e001511c2e2bb598628700b804653965b7bc8a
- SSDEEP
  
  49152:+/y6Dko0SrLauBl8GGftU2wDRxOUiH6wPsJ1EtA9guyZ:+qW0UBMQxER2iA9guyZ
Score

10^/10

quasar zulaspcx discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarzulaspcxdiscoveryspywaretrojan

behavioral2

quasarzulaspcxdiscoveryspywaretrojan

© 2018-2024

Terms | Privacy