quasar | 4146288cd858e72cc246c03bae1cf61494a575366c4e0e86f7c824455b938388 | Triage

Submit
Reports

Overview

overview

Static

static

AdobePDFReader.exe

windows7-x64

AdobePDFReader.exe

windows10-2004-x64

Sharing

General

Target

AdobePDFReader.exe
Size

3.4MB
Sample

250102-kee2fawldj
MD5

9d6f812bb326e1ff2bddd78747fbee25
SHA1

e2c511d7634e02166a3ca7645b631e124767e216
SHA256

4146288cd858e72cc246c03bae1cf61494a575366c4e0e86f7c824455b938388
SHA512

12783e33c8d3a0bb0d284e300158155aa52c9a44635565a8bc53dbfcd0ff976d32983cae732e07ed207ad5bb0283ba23a88f2d426781fcbd16e8dd1b72508191
SSDEEP

49152:wvmlW2p9agXI2PrlTnr4BZmFze02sk9hEvJQLoGdhTHHB72eh2NT:wveW2p9agXI2PrlTnrmZmFzePhD

Score

10^/10

quasar pdf spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

AdobePDFReader.exe

Resource

win7-20241010-en

quasar pdf spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

AdobePDFReader.exe

Resource

win10v2004-20241007-en

quasar pdf spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

PDF

C2

opbrghost-23030.portmap.host:27876

ghostopbr2-31034.portmap.host:1234

trackopbr2.ddns.net:1234

ghostopbr2-31034.portmap.host:31034

Mutex

1bfd6271-eb49-4e9c-8bcb-3434a8d1ce46

Attributes

encryption_key
15ABC767973F155DA890D96E8ED7EB1946705743
install_name
AdobePDFReader.exe
log_directory
Logs
reconnect_delay
300
startup_key
Adobe PDF Reader
subdirectory
SubDir

Targets

- Target
  
  AdobePDFReader.exe
- Size
  
  3.4MB
- MD5
  
  9d6f812bb326e1ff2bddd78747fbee25
- SHA1
  
  e2c511d7634e02166a3ca7645b631e124767e216
- SHA256
  
  4146288cd858e72cc246c03bae1cf61494a575366c4e0e86f7c824455b938388
- SHA512
  
  12783e33c8d3a0bb0d284e300158155aa52c9a44635565a8bc53dbfcd0ff976d32983cae732e07ed207ad5bb0283ba23a88f2d426781fcbd16e8dd1b72508191
- SSDEEP
  
  49152:wvmlW2p9agXI2PrlTnr4BZmFze02sk9hEvJQLoGdhTHHB72eh2NT:wveW2p9agXI2PrlTnrmZmFzePhD
Score

10^/10

quasar pdf spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarpdfspywaretrojan

behavioral2

quasarpdfspywaretrojan

© 2018-2025

Terms | Privacy