quasar | 533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc | Triage

Submit
Reports

Overview

overview

Static

static

533d847643...fc.exe

windows7-x64

533d847643...fc.exe

windows10-2004-x64

Sharing

General

Target

533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc
Size

502KB
Sample

241216-nf71dsyjb1
MD5

a9c9735f6e34482c1cdd09e347a98787
SHA1

6214e43cdc3fd17978955abf9c01a8d8c3ea791e
SHA256

533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc
SHA512

084b40e683d88e8eda7a60047f1a640310455986629a63382b3b6ffa6a91f295b47963e2ba52115cb113f57f1f727f2adb98f910a9adca1596af242f266b4a50
SSDEEP

6144:sTEgdc0YeX1uRabMR0FdOWbYZTR9UbGzcEKVb8F9ywLlqlHcTR3t:sTEgdfYzRa9uza6FL4lHcdt

Score

10^/10

quasar target discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc.exe

Resource

win7-20240903-en

quasar target discovery spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc.exe

Resource

win10v2004-20241007-en

quasar target discovery spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Target

C2

127.0.0.1:6070

affasdqa.ddns.net:6070

haffasdqa.duckdns.org:6070

Mutex

670d21b7-71ed-4958-9ba7-a58fa54d8203

Attributes

encryption_key
25B2622CE0635F9A273AB61B1B7D7B94220AC509
install_name
svhoste.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhoste
subdirectory
SubDir

Targets

- Target
  
  533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc
- Size
  
  502KB
- MD5
  
  a9c9735f6e34482c1cdd09e347a98787
- SHA1
  
  6214e43cdc3fd17978955abf9c01a8d8c3ea791e
- SHA256
  
  533d8476431fefd3f83fd39d66366277b2420a549cb01e9232f558b2617871fc
- SHA512
  
  084b40e683d88e8eda7a60047f1a640310455986629a63382b3b6ffa6a91f295b47963e2ba52115cb113f57f1f727f2adb98f910a9adca1596af242f266b4a50
- SSDEEP
  
  6144:sTEgdc0YeX1uRabMR0FdOWbYZTR9UbGzcEKVb8F9ywLlqlHcTR3t:sTEgdfYzRa9uza6FL4lHcdt
Score

10^/10

quasar target discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasartargetdiscoveryspywaretrojan

behavioral2

quasartargetdiscoveryspywaretrojan

© 2018-2024

Terms | Privacy