quasar | c65b83606a089611551d7bf9bc8d4956d862fb37f6bec4e76b247bbbd98c4934 | Triage

Sharing

General

Target

c65b83606a089611551d7bf9bc8d4956d862fb37f6bec4e76b247bbbd98c4934.exe
Size

341KB
Sample

241218-ltppvsvndn
MD5

57ada6de9e6c1ca1ed2045a4644fde8e
SHA1

a4a67a013064965d7a926949a1db93fd8b9d9b44
SHA256

c65b83606a089611551d7bf9bc8d4956d862fb37f6bec4e76b247bbbd98c4934
SHA512

0e558ebbc07da774b42dbc5adab006cd65b2254e4dde4d1d9f721c043cc36799d1eacfb8c4e8a21173dc5418c3486b6b446d03d73b27f77981f56025cb1febb7
SSDEEP

6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep09:m19KIonkditIoufI09

Score

10^/10

quasar chamutlda discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

CHAMUTLDA

C2

xowite7203-56864.portmap.host:56864

Mutex

QSR_MUTEX_b1MzVBeB2fgsMGAB8R

Attributes

encryption_key
A4r7dFvwva7oUnxJWxHI
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System
subdirectory
System32

Targets

- Target
  
  c65b83606a089611551d7bf9bc8d4956d862fb37f6bec4e76b247bbbd98c4934.exe
- Size
  
  341KB
- MD5
  
  57ada6de9e6c1ca1ed2045a4644fde8e
- SHA1
  
  a4a67a013064965d7a926949a1db93fd8b9d9b44
- SHA256
  
  c65b83606a089611551d7bf9bc8d4956d862fb37f6bec4e76b247bbbd98c4934
- SHA512
  
  0e558ebbc07da774b42dbc5adab006cd65b2254e4dde4d1d9f721c043cc36799d1eacfb8c4e8a21173dc5418c3486b6b446d03d73b27f77981f56025cb1febb7
- SSDEEP
  
  6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep09:m19KIonkditIoufI09
Score

10^/10

quasar chamutlda discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

chamutldaquasar

behavioral1

quasarchamutldadiscoveryspywaretrojan

behavioral2

quasarchamutldadiscoveryspywaretrojan