quasar | 2956ab71f5360eec21fef2b485e59c91705b043c08e5ec26a6b2122f6f80a9d0

General

Target

2956ab71f5360eec21fef2b485e59c91705b043c08e5ec26a6b2122f6f80a9d0.exe
Size

85.2MB
Sample

241219-npfmhasnfv
MD5

207d3610cb4305546ae3730c433cec24
SHA1

dbaa88cff0954154133da02cfe8945660fed53f7
SHA256

2956ab71f5360eec21fef2b485e59c91705b043c08e5ec26a6b2122f6f80a9d0
SHA512

0f803879d9feba1053b9a4306d62a9c9175cc0e96bf90dfa10cae8f909925a735e35d46d8bef44bd8a3a657dd27634d65cee3dcdc6400540d9819a09f394edf5
SSDEEP

393216:54TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2o:5KRVQxhu0P8Lq1LEvxOOx5Sba

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NEURO

C2

51.15.17.193:4782

Mutex

1f6c9ecc-c030-43a4-bbf2-21326400cbb5

Attributes

encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2956ab71f5360eec21fef2b485e59c91705b043c08e5ec26a6b2122f6f80a9d0.exe
- Size
  
  85.2MB
- MD5
  
  207d3610cb4305546ae3730c433cec24
- SHA1
  
  dbaa88cff0954154133da02cfe8945660fed53f7
- SHA256
  
  2956ab71f5360eec21fef2b485e59c91705b043c08e5ec26a6b2122f6f80a9d0
- SHA512
  
  0f803879d9feba1053b9a4306d62a9c9175cc0e96bf90dfa10cae8f909925a735e35d46d8bef44bd8a3a657dd27634d65cee3dcdc6400540d9819a09f394edf5
- SSDEEP
  
  393216:54TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2o:5KRVQxhu0P8Lq1LEvxOOx5Sba
Score

10^/10

quasar neuro defense_evasion execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- System Binary Proxy Execution: Regsvcs/Regasm
  Abuse Regasm to proxy execution of malicious code.
  defense_evasion
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

1

T1218

Regsvcs/Regasm

1

T1218.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

System Binary Proxy Execution: Regsvcs/Regasm

Drops startup file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2