quasar | e848b330ee5a8bd5ae1f6b991551e30a4a5b2e5deeb4718a15b2122101f2c270 | Triage

Submit
Reports

Overview

overview

Static

static

Java32.exe

windows7-x64

Java32.exe

windows10-2004-x64

Sharing

General

Target

Java32.exe
Size

3.3MB
Sample

241216-g928nsykgz
MD5

bc884c0edbc8df559985b42fdd2fc985
SHA1

9611a03c424e0285ab1a8ea9683918ce7b5909ab
SHA256

e848b330ee5a8bd5ae1f6b991551e30a4a5b2e5deeb4718a15b2122101f2c270
SHA512

1b8c97d500de45fbf994dcd9bf65cc78106a62ff0770a362add18866cceebbe9f5e157a77d26cb0d0d8de89abe3d446bc911f33e7027fa8f8809d2720b0cedcc
SSDEEP

49152:BvmI22SsaNYfdPBldt698dBcjHideEErHFk/uVSoGdf3THHB72eh2NT:Bvr22SsaNYfdPBldt6+dBcjHidel8

Score

10^/10

quasar java discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Java32.exe

Resource

win7-20241010-en

quasar java discovery spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Java32.exe

Resource

win10v2004-20241007-en

quasar java discovery spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Java

C2

dez345-37245.portmap.host:37245

Mutex

f0e53bcd-851e-44af-8fd5-07d8ab5ed968

Attributes

encryption_key
65439CE7DEF3E0FAF01C526FEA90388C9FD487A1
install_name
java.exe
log_directory
Logs
reconnect_delay
3000
startup_key
java ©
subdirectory
Programfiles

Targets

- Target
  
  Java32.exe
- Size
  
  3.3MB
- MD5
  
  bc884c0edbc8df559985b42fdd2fc985
- SHA1
  
  9611a03c424e0285ab1a8ea9683918ce7b5909ab
- SHA256
  
  e848b330ee5a8bd5ae1f6b991551e30a4a5b2e5deeb4718a15b2122101f2c270
- SHA512
  
  1b8c97d500de45fbf994dcd9bf65cc78106a62ff0770a362add18866cceebbe9f5e157a77d26cb0d0d8de89abe3d446bc911f33e7027fa8f8809d2720b0cedcc
- SSDEEP
  
  49152:BvmI22SsaNYfdPBldt698dBcjHideEErHFk/uVSoGdf3THHB72eh2NT:Bvr22SsaNYfdPBldt6+dBcjHidel8
Score

10^/10

quasar java discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarjavadiscoveryspywaretrojan

behavioral2

quasarjavadiscoveryspywaretrojan

© 2018-2024

Terms | Privacy