quasar | 0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd | Triage

Sharing

General

Target

0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd.exe
Size

5.9MB
Sample

241220-cl5lnsxkfj
MD5

b76667c1f978c6c98bbba2dfd7e315d2
SHA1

570de2264b32de819e7f02d6d5c8d4ce15277107
SHA256

0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd
SHA512

6748b3cbd7ba55896d9ca767e83503cbfabbcfa0e47f83a4034a2a7ef255ec9adcdca38f5d5a0ee86cfcfd2cebd75990d740ec87a1554f4d4c96995748b8a77e
SSDEEP

98304:6+MUi7WbyjWfmd5hjVAlVZCBLJ/KwiNElydmw+q2Sg4:TMVzjWyj51TiNEmmwOSg4

Score

10^/10

quasar staking spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Staking

C2

51.15.17.193:4782

Mutex

ff4f56ac-24e1-40ed-bb5c-e0b45b489ee4

Attributes

encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd.exe
- Size
  
  5.9MB
- MD5
  
  b76667c1f978c6c98bbba2dfd7e315d2
- SHA1
  
  570de2264b32de819e7f02d6d5c8d4ce15277107
- SHA256
  
  0fa0a6df35785b0dd29b7191158f0730984ee72cde5562ee48cb8cc9d637a1dd
- SHA512
  
  6748b3cbd7ba55896d9ca767e83503cbfabbcfa0e47f83a4034a2a7ef255ec9adcdca38f5d5a0ee86cfcfd2cebd75990d740ec87a1554f4d4c96995748b8a77e
- SSDEEP
  
  98304:6+MUi7WbyjWfmd5hjVAlVZCBLJ/KwiNElydmw+q2Sg4:TMVzjWyj51TiNEmmwOSg4
Score

10^/10

quasar staking spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarstakingspywaretrojan

behavioral2

quasarstakingspywaretrojan