quasar | 4f75c8b2204dea15253538593f9543e9c08a6f32b6b62c3007a4be987768240b

General

Target

Client-built.exe
Size

348KB
Sample

241213-h3711ssjcs
MD5

d4f5a1eaa8d1467c371ce8998e04a4e8
SHA1

5ed12542244e20ae17dde30c3cac45aac000e863
SHA256

4f75c8b2204dea15253538593f9543e9c08a6f32b6b62c3007a4be987768240b
SHA512

703d6e78dbf440459a26011724af0e50a199c9a21eac050f2479d64655099c127b6813bb98c4149e0d48d95bbf431aa7b3eaacfd913328c3f5657f005c7b31b5
SSDEEP

6144:LmqQ4i1FFiEKOfh82fqBvbbuz+PTL6S6oQ07O:Spli12Au0O3oQ07O

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Test

C2

4.tcp.eu.ngrok.io:8080

4.tcp.eu.ngrok.io:16210

Mutex

QSR_MUTEX_UChDVRqo1s5jujpKYt

Attributes

encryption_key
lm1Hl2B1pRLn9MiBmo10
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  348KB
- MD5
  
  d4f5a1eaa8d1467c371ce8998e04a4e8
- SHA1
  
  5ed12542244e20ae17dde30c3cac45aac000e863
- SHA256
  
  4f75c8b2204dea15253538593f9543e9c08a6f32b6b62c3007a4be987768240b
- SHA512
  
  703d6e78dbf440459a26011724af0e50a199c9a21eac050f2479d64655099c127b6813bb98c4149e0d48d95bbf431aa7b3eaacfd913328c3f5657f005c7b31b5
- SSDEEP
  
  6144:LmqQ4i1FFiEKOfh82fqBvbbuz+PTL6S6oQ07O:Spli12Au0O3oQ07O
Score

10^/10

quasar test discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2