quasar | d0030ab6b4ed701eca6cad94f123517f564edb6a17ca33cbe6415cea10ac1401 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

348KB
Sample

241213-h9m97askgs
MD5

e8ecdeb99f70e49718a4fc9986f86df3
SHA1

4f50bde0200a60dfe74a957a4f927e5648e2e78f
SHA256

d0030ab6b4ed701eca6cad94f123517f564edb6a17ca33cbe6415cea10ac1401
SHA512

f04bbab81c20eb22315914d20fa3d34761e0821592189b12c8821b311a3056f9c767bfc57eb41403c55a5eeb0cef50575686c1766ccfb164c5bb1892637c37ba
SSDEEP

6144:SRNHXf500Mr7ULWRbNlPyDg+Rve9cc6i0pzci:Kd50xUxs+RWGcdOzci

Score

10^/10

quasar test discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240708-en

quasar test discovery spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20241007-en

quasar test discovery spyware trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Test

C2

5.tcp.eu.ngrok.io:13432

5.tcp.eu.ngrok.io:8080

Mutex

QSR_MUTEX_zDi3X3iiANcUc0nFPZ

Attributes

encryption_key
10b0G4xQi1VrldATZzJ7
install_name
win.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Runtime
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  348KB
- MD5
  
  e8ecdeb99f70e49718a4fc9986f86df3
- SHA1
  
  4f50bde0200a60dfe74a957a4f927e5648e2e78f
- SHA256
  
  d0030ab6b4ed701eca6cad94f123517f564edb6a17ca33cbe6415cea10ac1401
- SHA512
  
  f04bbab81c20eb22315914d20fa3d34761e0821592189b12c8821b311a3056f9c767bfc57eb41403c55a5eeb0cef50575686c1766ccfb164c5bb1892637c37ba
- SSDEEP
  
  6144:SRNHXf500Mr7ULWRbNlPyDg+Rve9cc6i0pzci:Kd50xUxs+RWGcdOzci
Score

10^/10

quasar test discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasartestdiscoveryspywaretrojan

behavioral2

quasartestdiscoveryspywaretrojan

© 2018-2024

Terms | Privacy