quasar | 0c904ce53aeca5d0e078e752c24dc3bed47b74d22f9158b6b4fb56d55c178ae0

General

Target

0c904ce53aeca5d0e078e752c24dc3bed47b74d22f9158b6b4fb56d55c178ae0.zip
Size

29.6MB
Sample

241219-nw56qstlar
MD5

28aa0a10eb0ca8469e3fc4857bff7552
SHA1

4136d0e5c59bbbb3d89dbeb926ed9d38561c412d
SHA256

0c904ce53aeca5d0e078e752c24dc3bed47b74d22f9158b6b4fb56d55c178ae0
SHA512

279a4ab993f0efc6ef6ec5140f71905bd9f3120344bc666f0e9f36054fd706d145fcddcd713add6ffd6204b213c9c0900a69bea757622710b68dc87a43cc9f76
SSDEEP

786432:qgi48KFglmpGp2Ey3CuYTRb4lFBXDorLwDUzZsMX+lBLu5:qg/gyGp2E5ukb2dorUU2MmLu5

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Viltrac

C2

51.15.17.193:4782

Mutex

d099b659-69af-41e2-9d7f-a5e64da5be06

Attributes

encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  viltracoin-qt.exe
- Size
  
  82.5MB
- MD5
  
  959a666390a5dcad9994b132fd286ef8
- SHA1
  
  a2d17928f1e7178c25fe0dd07bdb3f2bd9f6c4ca
- SHA256
  
  4feb1b58d3941d021d0525cf544ea5df9fc3e3ed3d32a621801072ad3a5a4da8
- SHA512
  
  fcbe47048a4448c51b042832c8ff2766798682fb7cf4ce68e2b1523d6f14f39b1a43c7f3eec28005314c22e86060d476552606900e382c5c425abc729877b946
- SSDEEP
  
  393216:34TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2X:3KRVQxhu0P8Lq1LEvxOOx5Sh
Score

10^/10

quasar viltrac defense_evasion execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- System Binary Proxy Execution: Regsvcs/Regasm
  Abuse Regasm to proxy execution of malicious code.
  defense_evasion
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

1

T1218

Regsvcs/Regasm

1

T1218.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

System Binary Proxy Execution: Regsvcs/Regasm

Drops startup file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2