Overview

overview

10

Static

static

10

c565bb3338...56.exe

windows7-x64

10

c565bb3338...56.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-01-2025 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe

  • Size

    3.1MB

  • MD5

    c8c92d292e375548f09cffb65c0de42a

  • SHA1

    b70bf3a0bf3f932105fafc34e9d90bfb3c0f3b76

  • SHA256

    c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256

  • SHA512

    1e551de73906983150f41e014c72c2e3eaa72bd0f4a7460a83a2016b517eb759838501a987000cdd5682dab15b1a2d9623c7c43bf732296598a42e0b7aa45454

  • SSDEEP

    49152:ECMzlETNWOcO0SzknwcX0pdOeNaWZDTQHHB72eh2NT:ECVXpzknwcIdOf

Score
10/10
quasarspywaretrojan

Malware Config

Extracted

Family

quasar

Mutex

"&Rj@���:@b;���

Attributes
  • encryption_key

    2F93492D384FEB71103635232F1BD56A2FEFBDE7

  • reconnect_delay

    3000

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe
    "C:\Users\Admin\AppData\Local\Temp\c565bb3338e9bf5ac88d863b70f27c72423ed1019c6820a750af28afa7e1e256.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4056-0-0x00007FF81EA33000-0x00007FF81EA35000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4056-1-0x0000000000830000-0x0000000000B5A000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/4056-2-0x00007FF81EA30000-0x00007FF81F4F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4056-3-0x000000001BC20000-0x000000001BC70000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4056-4-0x000000001BD30000-0x000000001BDE2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4056-7-0x000000001BC90000-0x000000001BCA2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4056-8-0x000000001BCF0000-0x000000001BD2C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4056-9-0x00007FF81EA33000-0x00007FF81EA35000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4056-10-0x00007FF81EA30000-0x00007FF81F4F1000-memory.dmp

    Filesize

    10.8MB

    Download