quasar | a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a87ef622f7...4a.exe

windows7-x64

a87ef622f7...4a.exe

windows10-2004-x64

Sharing

General

Target

a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a.exe
Size

375KB
Sample

241231-nr8q3aylcx
MD5

55029651ecad5f3be071b6abafb56d90
SHA1

a008e8d91c2725eb16e42c3800ace5492a32416e
SHA256

a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a
SHA512

83dc82b2aa027ebd62aeceb15b6ae1e71a72da16f557833b8439cda6dded817799748a06ef7721931626d06b687a57fc4be56f1e8846d6e9a6708ad757afb903
SSDEEP

6144:YbqQ4i1FFiEKZVSQZzs5jQKbgQ203StbjjSQkzaozVVqHk:CpliPScgCy73StbjjSQkVzV0Hk

Score

10^/10

quasar authenticator discovery spyware trojan

Static task

static1

authenticator quasar

3 signatures

Behavioral task

behavioral1

Sample

a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a.exe

Resource

win7-20240903-en

quasar authenticator discovery spyware trojan

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a.exe

Resource

win10v2004-20241007-en

quasar authenticator discovery spyware trojan

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Authenticator

C2

iamaskibiditoilet-58299.portmap.host:58299

Mutex

QSR_MUTEX_bNzknSVeSVx21JnqhQ

Attributes

encryption_key
wAIAzlOLR0d5V3YI1aCM
install_name
Runtime Broker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Runtime Broker
subdirectory
SubDir

Targets

- Target
  
  a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a.exe
- Size
  
  375KB
- MD5
  
  55029651ecad5f3be071b6abafb56d90
- SHA1
  
  a008e8d91c2725eb16e42c3800ace5492a32416e
- SHA256
  
  a87ef622f73e2193432c26ec41124b09acfd2154f6bdebf099e8d9145894f44a
- SHA512
  
  83dc82b2aa027ebd62aeceb15b6ae1e71a72da16f557833b8439cda6dded817799748a06ef7721931626d06b687a57fc4be56f1e8846d6e9a6708ad757afb903
- SSDEEP
  
  6144:YbqQ4i1FFiEKZVSQZzs5jQKbgQ203StbjjSQkzaozVVqHk:CpliPScgCy73StbjjSQkVzV0Hk
Score

10^/10

quasar authenticator discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

authenticatorquasar

behavioral1

quasarauthenticatordiscoveryspywaretrojan

behavioral2

quasarauthenticatordiscoveryspywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.