quasar | hxxps://gofile[.]io/d/FwnpgK | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows11-21h2-x64

Resubmissions

11-12-2024 21:19

241211-z6pghstjgq 10

11-12-2024 21:18

241211-z5x29synbz 3

Sharing

General

Target

https://gofile.io/d/FwnpgK
Sample

241211-z6pghstjgq

Score

10^/10

quasar c0nvar defense_evasion discovery spyware trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://gofile.io/d/FwnpgK

Resource

win11-20241007-en

quasar c0nvar defense_evasion discovery spyware trojan

windows11-21h2-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

c0nvar

C2

10.0.2.15:4782

Mutex

5f356d1d-9478-4b8b-bb7a-36cdaf711a22

Attributes

encryption_key
5316134D3D004512946441D81B03C1383BD4BF32
install_name
matcall.exe
log_directory
WindowsDiagnostics
reconnect_delay
3000
startup_key
Microsoft Attribute Caller
subdirectory
UserRequired

Targets

- Target
  
  https://gofile.io/d/FwnpgK
Score

10^/10

quasar c0nvar defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

quasarc0nvardefense_evasiondiscoveryspywaretrojan

© 2018-2024

Terms | Privacy