quasar | 8423008e3289419542dd8d07a896ea86009dca840bf2a3bae2c24ea06808d847 | Triage

Sharing

General

Target

1.rar
Size

72KB
Sample

241212-k95kkszjcs
MD5

712a72e0b97b1b24659ab44bc77e42d2
SHA1

0dbf27a9c47cb8d59cca1d44769ee09ca496640c
SHA256

8423008e3289419542dd8d07a896ea86009dca840bf2a3bae2c24ea06808d847
SHA512

d22ea35745510a057ea8b5ca552cdb3cf8fbb3bca3e916ebbb8da74360ebe6025896166bb0d9e14d1fd8d0c4da93a10125518ace89a442fc1b431e04ffd814fb
SSDEEP

1536:RRhxo0FYmex2Phn58CiUBJwPdtzdpFKDr+7me/P/2+olEPnf3orN:HDFQI8qnwPXz4uaYP/4lEPwrN

Score

10^/10

quasar onye discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

onye

C2

winera.ydns.eu:6298

Mutex

4d79333b-1758-4ff2-8d36-e4612bbfd878

Attributes

encryption_key
799E5C34BA6EC18D72E269D0C5CF1A5AC1AD9277
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
settings
subdirectory
SubDir

Targets

- Target
  
  Po_7837236367-386363783-Turkey-Import-sales.xlsx.exe
- Size
  
  174KB
- MD5
  
  90b63162f613ec7e392c15dbcc844750
- SHA1
  
  64acb9112424b2937dd3724d4460d64b5b418dbd
- SHA256
  
  4c5ae8b60005526d81508706a1dfc6e491a3d51bc2b0dbe2d26d2b53a25cfe50
- SHA512
  
  7f3057d6496895317acfadc40c620438709087f1dd61fc88ae210cb27ea036192e591287c295457c10080a380319ff98aee790264d5864668fc7f7d248e1d70b
- SSDEEP
  
  3072:c7DOEKsy8Jg6IlXjK1p8rlHfbbxfwIphhup6gma8f5tUzpTnZO+hOeH:H8JfcjW8rlHjb9/pXu8nOnE+N
Score

10^/10

discovery quasar onye spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaronyediscoveryspywaretrojan