quasar | 924188bbdd762cc5c66d26ef496ee6004a15c599d71628a6a80b596bcb0e641f | Triage

Sharing

General

Target

6718_output.zip
Size

1.2MB
Sample

241209-v11v5svpbw
MD5

948170cde8168bfae52c997ef1cd9ac2
SHA1

a4b04c17afc99abcefe6fa138c2dbb7b92c6762b
SHA256

924188bbdd762cc5c66d26ef496ee6004a15c599d71628a6a80b596bcb0e641f
SHA512

9c8489d730546c52b725cb1d0dad455f813fe7b35d39e651d2ed978cb1faa3f1f3891437f17518dee6867f499e672da4ecaa19c112b1e6e9e9d8f6e6f77c7ca4
SSDEEP

24576:qlDxVFiGrqLmMShlr4oSYZupmS2uIQJMkP+34YEiSrk:iDtiGrq0r9SOuES2uIig4fiv

Score

10^/10

quasar searchindexer execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

searchindexer

C2

87.120.113.125:55644

Mutex

0c021db0-bf71-4ae4-b9ae-2671afdea591

Attributes

encryption_key
54717FCDBD30C7781F669403FBC8E35733C37E34
install_name
searchindexer.exe
log_directory
Logs
reconnect_delay
3000
startup_key
searchindexer
subdirectory
SubDir

Targets

- Target
  
  9273_output.vbs
- Size
  
  1.6MB
- MD5
  
  89444730511dcc04894433ad215e9f02
- SHA1
  
  8af2c8469f0381666bbdfbb12965c48290ef817b
- SHA256
  
  7bfbcbf1a30ba537264e189e39b2ada434fc451c99a7fe680aa6196cd931b625
- SHA512
  
  121bcab2c0e4c0c307565742f03d4ebef33ba677f4591a2d95238c500c82fbeafd4d52521bdf57e0775178b081a95b877b561721ec72540b0beb4acf3548a19f
- SSDEEP
  
  24576:prCPrx+7wnggpUvK3oVj1S1LYuhN0E7olLXm5ttA7AhazaJUelDBY1Qq0+BbUklh:g/rUTV40u3oli5LEgaaUKat0+BbeYz
Score

10^/10

execution quasar searchindexer spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarsearchindexerexecutionspywaretrojan

behavioral3

quasarsearchindexerexecutionspywaretrojan

behavioral4

quasarsearchindexerexecutionspywaretrojan