quasar | 19c73e461bc7f6419aa3a7bdb1c953f0ec0c28fcd08a989094673cdcd1348c39 | Triage

Submit
Reports

Overview

overview

Static

static

nurjhrgbv.exe

windows10-2004-x64

nurjhrgbv.exe

windows10-ltsc 2021-x64

nurjhrgbv.exe

windows11-21h2-x64

Sharing

General

Target

nurjhrgbv.exe
Size

3.1MB
Sample

241208-zyrxnsyqbm
MD5

55583e9982ac74b4e17da2004552e5da
SHA1

da79fa80ff490c251c4e1b56051b86b8ab867292
SHA256

19c73e461bc7f6419aa3a7bdb1c953f0ec0c28fcd08a989094673cdcd1348c39
SHA512

699bcb5165b90a7ee7a591e2dc3028eb1f295cd40f6c6ed307d636fae3070b5a4e69ae7cc557d733462e33ffcaed4c3b1afd66b89eceb5479f1b0c11177de337
SSDEEP

49152:rvrI22SsaNYfdPBldt698dBcjHKp61JVLoGdtuWTHHB72eh2NT:rvU22SsaNYfdPBldt6+dBcjHKpg

Score

10^/10

quasar roar discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

nurjhrgbv.exe

Resource

win10v2004-20241007-en

quasar roar discovery spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

nurjhrgbv.exe

Resource

win10ltsc2021-20241023-en

quasar roar discovery spyware trojan

windows10-ltsc 2021-x64

13 signatures

150 seconds

Behavioral task

behavioral3

Sample

nurjhrgbv.exe

Resource

win11-20241007-en

quasar roar discovery spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

roar

C2

weopgtjkjgserhgsfd-43392.portmap.host:43392

Mutex

f8cb2dc4-1bf5-48cb-8213-fa8d6f92d388

Attributes

encryption_key
C5904FDD788EA00F921C538B9FE80C0B0A0DE728
install_name
roar.exe
log_directory
Logs
reconnect_delay
3000
startup_key
discord
subdirectory
SubDir

Targets

- Target
  
  nurjhrgbv.exe
- Size
  
  3.1MB
- MD5
  
  55583e9982ac74b4e17da2004552e5da
- SHA1
  
  da79fa80ff490c251c4e1b56051b86b8ab867292
- SHA256
  
  19c73e461bc7f6419aa3a7bdb1c953f0ec0c28fcd08a989094673cdcd1348c39
- SHA512
  
  699bcb5165b90a7ee7a591e2dc3028eb1f295cd40f6c6ed307d636fae3070b5a4e69ae7cc557d733462e33ffcaed4c3b1afd66b89eceb5479f1b0c11177de337
- SSDEEP
  
  49152:rvrI22SsaNYfdPBldt698dBcjHKp61JVLoGdtuWTHHB72eh2NT:rvU22SsaNYfdPBldt6+dBcjHKpg
Score

10^/10

quasar roar discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarroardiscoveryspywaretrojan

behavioral2

quasarroardiscoveryspywaretrojan

behavioral3

quasarroardiscoveryspywaretrojan

© 2018-2024

Terms | Privacy