quasar | 71188e7e78b2f453e8e8e1465f626b5ed8e31e024612fc451cd25cbf0656332e | Triage

Resubmissions

26-12-2024 16:11

241226-tmx2nazqal 10

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241226-tmx2nazqal
MD5

3d96f1810e5a9dd5f086eb77b72d379f
SHA1

45ee6a0ff48f793c8604326eb5e7df2cf7d4fc1a
SHA256

71188e7e78b2f453e8e8e1465f626b5ed8e31e024612fc451cd25cbf0656332e
SHA512

3ce8f80c32038427eebea6f220671bd62c8986a93f6223f7baa96d65a49351502bf317ab85d2b285d6c6c3363fbf24fa5a028cdafab2a902164a6ec6aa28807c
SSDEEP

49152:HvTlL26AaNeWgPhlmVqvMQ7XSKPR9/BxwLoGvRTHHB72eh2NT:HvJL26AaNeWgPhlmVqkQ7XSKPR96

Score

10^/10

quasar client04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Client04

C2

stable-notably-hound.ngrok-free.app:4782

Mutex

0fb4199b-8dca-41a3-9119-beda5c96ed5a

Attributes

encryption_key
A5F0EE2DBE7A3009387617912AFB48C127E2B576
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  3d96f1810e5a9dd5f086eb77b72d379f
- SHA1
  
  45ee6a0ff48f793c8604326eb5e7df2cf7d4fc1a
- SHA256
  
  71188e7e78b2f453e8e8e1465f626b5ed8e31e024612fc451cd25cbf0656332e
- SHA512
  
  3ce8f80c32038427eebea6f220671bd62c8986a93f6223f7baa96d65a49351502bf317ab85d2b285d6c6c3363fbf24fa5a028cdafab2a902164a6ec6aa28807c
- SSDEEP
  
  49152:HvTlL26AaNeWgPhlmVqvMQ7XSKPR9/BxwLoGvRTHHB72eh2NT:HvJL26AaNeWgPhlmVqkQ7XSKPR96
Score

10^/10

quasar client04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarclient04spywaretrojan