quasar | dac0e42cfa82a24f701aaf85aaf09fe6c429d7820b90a9050a381e5c540cb949

General

Target

dac0e42cfa82a24f701aaf85aaf09fe6c429d7820b90a9050a381e5c540cb949.exe
Size

83.0MB
Sample

241220-hljbbssmby
MD5

4117eceb35a8705eba8b0ed2148ad7d7
SHA1

1f0f47d0f8fc9f7d11467681473c563bf3624834
SHA256

dac0e42cfa82a24f701aaf85aaf09fe6c429d7820b90a9050a381e5c540cb949
SHA512

ad1fb197cf8fc7ebc536bd8787b655e8bd947e23ea64ad7a6da16238f5d4b4f8b3f0e30efc01ce0c0bc27f31dad1afdd97bb13aae3992a78e5214c7b761c4fe0
SSDEEP

393216:T4TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2W:TKRVQxhu0P8Lq1LEvxOOx5Sk

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Staking

C2

51.15.17.193:4782

Mutex

ff4f56ac-24e1-40ed-bb5c-e0b45b489ee4

Attributes

encryption_key
97599F6E5D14A784CC4DD36B18A277119042FDA8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  dac0e42cfa82a24f701aaf85aaf09fe6c429d7820b90a9050a381e5c540cb949.exe
- Size
  
  83.0MB
- MD5
  
  4117eceb35a8705eba8b0ed2148ad7d7
- SHA1
  
  1f0f47d0f8fc9f7d11467681473c563bf3624834
- SHA256
  
  dac0e42cfa82a24f701aaf85aaf09fe6c429d7820b90a9050a381e5c540cb949
- SHA512
  
  ad1fb197cf8fc7ebc536bd8787b655e8bd947e23ea64ad7a6da16238f5d4b4f8b3f0e30efc01ce0c0bc27f31dad1afdd97bb13aae3992a78e5214c7b761c4fe0
- SSDEEP
  
  393216:T4TPZVLWruiFVks+9j54GXvitZQLCO5SXDqQu58EISEhoIaE2FShABZDv25PPa2W:TKRVQxhu0P8Lq1LEvxOOx5Sk
Score

10^/10

quasar staking defense_evasion execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- System Binary Proxy Execution: Regsvcs/Regasm
  Abuse Regasm to proxy execution of malicious code.
  defense_evasion
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

System Binary Proxy Execution

1

T1218

Regsvcs/Regasm

1

T1218.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

System Binary Proxy Execution: Regsvcs/Regasm

Drops startup file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2