quasar | 36ea2fb6f0b7279ea15e54dba6d2c41a00bc3f56e26a59e1bf21867865b2e2db | Triage

Submit
Reports

Overview

overview

Static

static

Rev's External.exe

windows7-x64

Rev's External.exe

windows10-2004-x64

Sharing

General

Target

Rev's External.exe
Size

3.1MB
Sample

241227-ldcelatnhq
MD5

abdb9928a2443e939fd0e3b2758fac86
SHA1

963518e3d31b32ade1faa2d3ad4a5f29f4a94718
SHA256

36ea2fb6f0b7279ea15e54dba6d2c41a00bc3f56e26a59e1bf21867865b2e2db
SHA512

3b21a68634fe6c467de89614a7719aed29d664d83857dc3f9684eaa96a155e349aa471bf2bd7a526e201de4805ce2072224de0bb6763490fce6da61b089eb2bb
SSDEEP

49152:Xvluf2NUaNmwzPWlvdaKM7ZxTwi0zBBxLSoGd5THHB72eh2NT:Xvwf2NUaNmwzPWlvdaB7ZxTwJz8

Score

10^/10

quasar aurareal discovery spyware trojan

Static task

static1

aurareal quasar

3 signatures

Behavioral task

behavioral1

Sample

Rev's External.exe

Resource

win7-20241023-en

quasar aurareal discovery spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

Rev's External.exe

Resource

win10v2004-20241007-en

quasar aurareal discovery spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

AuraReal

C2

tcp://auraboyy-27610.portmap.host:23133 => 4782:23133

Mutex

23455755-5d9f-40df-b240-406c00706fe9

Attributes

encryption_key
2482B7514A53EC61E5CFC0A64CF01CDEB49C6056
install_name
Win64.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Update
subdirectory
Extras

Targets

- Target
  
  Rev's External.exe
- Size
  
  3.1MB
- MD5
  
  abdb9928a2443e939fd0e3b2758fac86
- SHA1
  
  963518e3d31b32ade1faa2d3ad4a5f29f4a94718
- SHA256
  
  36ea2fb6f0b7279ea15e54dba6d2c41a00bc3f56e26a59e1bf21867865b2e2db
- SHA512
  
  3b21a68634fe6c467de89614a7719aed29d664d83857dc3f9684eaa96a155e349aa471bf2bd7a526e201de4805ce2072224de0bb6763490fce6da61b089eb2bb
- SSDEEP
  
  49152:Xvluf2NUaNmwzPWlvdaKM7ZxTwi0zBBxLSoGd5THHB72eh2NT:Xvwf2NUaNmwzPWlvdaB7ZxTwJz8
Score

10^/10

quasar aurareal discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaraurarealdiscoveryspywaretrojan

behavioral2

quasaraurarealdiscoveryspywaretrojan

© 2018-2024

Terms | Privacy