quasar | b63d3105f4cc32fd098e2e780226965dac57cfb59be41705d14c4999413b39dd | Triage

Sharing

General

Target

TransferenciaInterbancaria.xlsx.exe
Size

875KB
Sample

241209-m4kz4avpgy
MD5

45ceeacf3abe7ed79b516d9f8a2a38da
SHA1

9dde49444c02e49ef15a885214a16dae2727ef1e
SHA256

b63d3105f4cc32fd098e2e780226965dac57cfb59be41705d14c4999413b39dd
SHA512

8c3128828df7d0ed0594f4273a2d8d66e66f43d4fe68fbef3ebc1e711324de7a7ce0db0c5c21fa1c8390a5ebb1d53ce9ff3f60bb57af31d7048c236a30d1b978
SSDEEP

12288:rDFW+bJWI5jPjdTYoeT2NecNhoU1JWE2rFoMuMK:FW+bJWIvLNemaU1/M

Score

10^/10

quasar mx discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

mx

C2

ert43w221.ydns.eu:6298

Mutex

7a41955f-eb2f-4ca4-8f9f-5e9bfadf0810

Attributes

encryption_key
799E5C34BA6EC18D72E269D0C5CF1A5AC1AD9277
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Targets

- Target
  
  TransferenciaInterbancaria.xlsx.exe
- Size
  
  875KB
- MD5
  
  45ceeacf3abe7ed79b516d9f8a2a38da
- SHA1
  
  9dde49444c02e49ef15a885214a16dae2727ef1e
- SHA256
  
  b63d3105f4cc32fd098e2e780226965dac57cfb59be41705d14c4999413b39dd
- SHA512
  
  8c3128828df7d0ed0594f4273a2d8d66e66f43d4fe68fbef3ebc1e711324de7a7ce0db0c5c21fa1c8390a5ebb1d53ce9ff3f60bb57af31d7048c236a30d1b978
- SSDEEP
  
  12288:rDFW+bJWI5jPjdTYoeT2NecNhoU1JWE2rFoMuMK:FW+bJWIvLNemaU1/M
Score

10^/10

discovery quasar mx spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarmxdiscoveryspywaretrojan