quasar | c75b5b56db4572b061ba8a096e58e43a9cd4d47203ceb2152ae03646a7cb8694 | Triage

Sharing

General

Target

SeronTest.exe
Size

3.1MB
Sample

241228-mn7h6axrdm
MD5

48acd4292ff6945cfc14c1c9fd9a764e
SHA1

5e4c15dfd00432fcb731ac0fa4190cda1d314e0e
SHA256

c75b5b56db4572b061ba8a096e58e43a9cd4d47203ceb2152ae03646a7cb8694
SHA512

e3a6b1c58dcf80d40f25dc434b9260ef1e35e904b1592e8b21dcad34cb8ffe8362b6243c89b78721f2d8c17e0e69cebd2272d47e2fcb05ffaa0aa5b00516f845
SSDEEP

98304:J7NGe5a2R/OYslkwkzycLcAI6jfdZhETdC:JNTg2RtsllkecYANjffhETg

Score

10^/10

quasar seron discovery execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Seron

C2

nigeboc465-58875.portmap.host:58875

Mutex

eb8602ec-8a0d-4322-b9a0-544571be5a2d

Attributes

encryption_key
8BD9150EEC3DA71ED82080D7AEB7C165A58C889F
install_name
f8mk7ZGwVUpulm.exe
log_directory
Logs
reconnect_delay
3000
startup_key
f8mk7ZGwVUpulm
subdirectory
SubDir

Targets

- Target
  
  SeronTest.exe
- Size
  
  3.1MB
- MD5
  
  48acd4292ff6945cfc14c1c9fd9a764e
- SHA1
  
  5e4c15dfd00432fcb731ac0fa4190cda1d314e0e
- SHA256
  
  c75b5b56db4572b061ba8a096e58e43a9cd4d47203ceb2152ae03646a7cb8694
- SHA512
  
  e3a6b1c58dcf80d40f25dc434b9260ef1e35e904b1592e8b21dcad34cb8ffe8362b6243c89b78721f2d8c17e0e69cebd2272d47e2fcb05ffaa0aa5b00516f845
- SSDEEP
  
  98304:J7NGe5a2R/OYslkwkzycLcAI6jfdZhETdC:JNTg2RtsllkecYANjffhETg
Score

10^/10

quasar seron discovery execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarserondiscoveryexecutionspywaretrojan

behavioral2

quasarserondiscoveryexecutionspywaretrojan