Overview

overview

10

Static

static

10

c565bb3338...56.exe

windows7-x64

10

c565bb3338...56.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-01-2025 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe

  • Size

    3.1MB

  • MD5

    c8c92d292e375548f09cffb65c0de42a

  • SHA1

    b70bf3a0bf3f932105fafc34e9d90bfb3c0f3b76

  • SHA256

    c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256

  • SHA512

    1e551de73906983150f41e014c72c2e3eaa72bd0f4a7460a83a2016b517eb759838501a987000cdd5682dab15b1a2d9623c7c43bf732296598a42e0b7aa45454

  • SSDEEP

    49152:ECMzlETNWOcO0SzknwcX0pdOeNaWZDTQHHB72eh2NT:ECVXpzknwcIdOf

Score
10/10
quasarspywaretrojan

Malware Config

Extracted

Family

quasar

Mutex

"&Rj@���:@b;���

Attributes
  • encryption_key

    2F93492D384FEB71103635232F1BD56A2FEFBDE7

  • reconnect_delay

    3000

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe
    "C:\Users\Admin\AppData\Local\Temp\c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1840-0-0x00007FFF30AC3000-0x00007FFF30AC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1840-1-0x0000000000AB0000-0x0000000000DDA000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1840-2-0x00007FFF30AC0000-0x00007FFF31581000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1840-3-0x000000001B940000-0x000000001B990000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1840-4-0x000000001D7C0000-0x000000001D872000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1840-7-0x000000001D780000-0x000000001D792000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1840-8-0x000000001E100000-0x000000001E13C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1840-9-0x00007FFF30AC3000-0x00007FFF30AC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1840-10-0x00007FFF30AC0000-0x00007FFF31581000-memory.dmp

    Filesize

    10.8MB

    Download