quasar | 0167056e31996433544969f92a7bd0e79e44c4a56660e9c054b23ef0d707bf23 | Triage

Sharing

General

Target

Windows-virus.zip
Size

1.2MB
Sample

241230-tx6fsaskgw
MD5

e40fa1f36296d7a2d6727d29e79e569f
SHA1

e5ef3afa225d7fa6c9a5268818e85af0cd84d92b
SHA256

0167056e31996433544969f92a7bd0e79e44c4a56660e9c054b23ef0d707bf23
SHA512

68b739369cd0a56d092eb62991a879a3679a74a47c2ac31a5a80aa1c2ef7dfcd26e5636ff57beb8c0c5be67b334c256f32d92a7d5ca227ccbd449809c302c0cf
SSDEEP

24576:g6Iw4L6y5A9kY6wqxMsN2FrqbaQoiPOP5x2BDERcjbeKxnF4GH03j:TIw4JEV652FrfxD+Dzw

Score

10^/10

quasar pedo spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Pedo

C2

82.65.180.207:5986

Mutex

a4c2b814-ab22-4cf2-9f11-52931b6b15b3

Attributes

encryption_key
6A4706C957DF851DA854AED16AB5CE4562B9C4D4
install_name
serv-microsoft.exe
log_directory
Logs
reconnect_delay
4000
startup_key
windows
subdirectory
SubDir

Targets

- Target
  
  Windows.exe
- Size
  
  3.2MB
- MD5
  
  2a2ec1a8ea615248287faf97abd445e5
- SHA1
  
  0eea3289dec3fb5c6efa3c09bc65796fd71ffcbf
- SHA256
  
  75ed322604b0d21200fce3180cd91a659dfb0f788cc8037e32305054364a90bb
- SHA512
  
  0911c8bc8992ec1f36e4be276b59cc285a15fdaf2ad6abc724dbe26de8455bb752bec6d0c8aca6e14be303c6474292d3ce64cd5348be8ba2450a6323138fd30d
- SSDEEP
  
  49152:Hv2I22SsaNYfdPBldt698dBcjH8JRJ6BbR3LoGdujTHHB72eh2NT:Hvb22SsaNYfdPBldt6+dBcjH8JRJ6j
Score

10^/10

quasar pedo spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarpedospywaretrojan

behavioral2

quasarpedospywaretrojan