quasar | 9c3d53c7723bfdd037df85de4c26efcd5e6f4ad58cc24f7a38a774bf22de3876 | Triage

Sharing

General

Target

kk.cmd
Size

4.2MB
Sample

241219-wlzj7sxngm
MD5

dd89f166318c7640673dc83253874f85
SHA1

c6d10f65f6ff4df23404ac521f1d3db79264657e
SHA256

9c3d53c7723bfdd037df85de4c26efcd5e6f4ad58cc24f7a38a774bf22de3876
SHA512

c2c61f22626a862ad4622c98473ef62453e8c0f966e9a8f811f2ff3151af424215bab527a21fe3d7f7de44e674a2f116edc915e5774817acb401980ab27fcda5
SSDEEP

49152:r2wTjdVohnHVy2BvdhqhKFLHVr1vpvnIALaU8:J

Score

10^/10

quasar kdot execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

kdot

C2

captchacdn.com:7000

Mutex

989fc24d-b096-453b-836b-1510c023cb6a

Attributes

encryption_key
608C2EF7FA3C5E6905B737821BA5F1BF71A72757
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  kk.cmd
- Size
  
  4.2MB
- MD5
  
  dd89f166318c7640673dc83253874f85
- SHA1
  
  c6d10f65f6ff4df23404ac521f1d3db79264657e
- SHA256
  
  9c3d53c7723bfdd037df85de4c26efcd5e6f4ad58cc24f7a38a774bf22de3876
- SHA512
  
  c2c61f22626a862ad4622c98473ef62453e8c0f966e9a8f811f2ff3151af424215bab527a21fe3d7f7de44e674a2f116edc915e5774817acb401980ab27fcda5
- SSDEEP
  
  49152:r2wTjdVohnHVy2BvdhqhKFLHVr1vpvnIALaU8:J
Score

10^/10

quasar kdot execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarkdotexecutionspywaretrojan