General
-
Target
f672fca65253e29223346f9f19468bcf77345414d8bb85f58a1f15425dcb6d6f
-
Size
2.4MB
-
Sample
241229-3ad8fszndq
-
MD5
784260bbf2c8f92a2cd0552900a1983e
-
SHA1
1eb1608eb7aabf22f3080685f15672a7986e5b95
-
SHA256
f672fca65253e29223346f9f19468bcf77345414d8bb85f58a1f15425dcb6d6f
-
SHA512
c60df4c3646dd957361041e7298c06d0777c0d539739157b1a517a4ce6d3013a9e1d515f19d29b17a4ffcd93b05f4c02fbce23656dc00985d3f14e6604bbb1a6
-
SSDEEP
49152:3KOKKMIKOMSSMgyzMQPNNg6qP9GpwqkEpaAo7Yryvs+Nio:3KOKQ9pqP9GeKo7Yryvs+
Malware Config
Extracted
quasar
1.3.0.0
2025
win32updatess.duckdns.org:1
QSR_MUTEX_VKitseSn9Cn8XocDzU
-
encryption_key
dz4iQKTjWYrscDgj45Ki
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
f672fca65253e29223346f9f19468bcf77345414d8bb85f58a1f15425dcb6d6f
-
Size
2.4MB
-
MD5
784260bbf2c8f92a2cd0552900a1983e
-
SHA1
1eb1608eb7aabf22f3080685f15672a7986e5b95
-
SHA256
f672fca65253e29223346f9f19468bcf77345414d8bb85f58a1f15425dcb6d6f
-
SHA512
c60df4c3646dd957361041e7298c06d0777c0d539739157b1a517a4ce6d3013a9e1d515f19d29b17a4ffcd93b05f4c02fbce23656dc00985d3f14e6604bbb1a6
-
SSDEEP
49152:3KOKKMIKOMSSMgyzMQPNNg6qP9GpwqkEpaAo7Yryvs+Nio:3KOKQ9pqP9GeKo7Yryvs+
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Drops startup file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-