Overview

overview

10

Static

static

10

c565bb3338...56.exe

windows7-x64

10

c565bb3338...56.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    02-01-2025 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe

  • Size

    3.1MB

  • MD5

    c8c92d292e375548f09cffb65c0de42a

  • SHA1

    b70bf3a0bf3f932105fafc34e9d90bfb3c0f3b76

  • SHA256

    c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256

  • SHA512

    1e551de73906983150f41e014c72c2e3eaa72bd0f4a7460a83a2016b517eb759838501a987000cdd5682dab15b1a2d9623c7c43bf732296598a42e0b7aa45454

  • SSDEEP

    49152:ECMzlETNWOcO0SzknwcX0pdOeNaWZDTQHHB72eh2NT:ECVXpzknwcIdOf

Score
10/10
quasarspywaretrojan

Malware Config

Extracted

Family

quasar

Mutex

"&Rj@���:@b;���

Attributes
  • encryption_key

    2F93492D384FEB71103635232F1BD56A2FEFBDE7

  • reconnect_delay

    3000

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe
    "C:\Users\Admin\AppData\Local\Temp\c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2272-0-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-1-0x0000000001310000-0x000000000163A000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2272-2-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2272-3-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2272-4-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

    Filesize

    9.9MB

    Download