quasar | 9d07e30f2a7238a495be924fa99761dd7e0dd300ec310e7d2d457ad7e6959b36 | Triage

Sharing

General

Target

9d07e30f2a7238a495be924fa99761dd7e0dd300ec310e7d2d457ad7e6959b36.exe
Size

3.1MB
Sample

250103-eea5laykgt
MD5

be32c281194c0a859cca202a418a16a3
SHA1

e2c3885c8bc9b24b492f68a2c69ebf0c488abebc
SHA256

9d07e30f2a7238a495be924fa99761dd7e0dd300ec310e7d2d457ad7e6959b36
SHA512

541266a8f6b23b74d40c9d2656adb963c92ed5f8f2f239aa472649958f934f29a37afd42dfe27e9dfc2991c529dc949bffb6766223593c9ff7418778ad9bd36f
SSDEEP

49152:HvnlL26AaNeWgPhlmVqvMQ7XSKKzDKkCWZLoGAVATHHB72eh2NT:HvlL26AaNeWgPhlmVqkQ7XSKKzDjp

Score

10^/10

quasar driver host spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Driver Host

C2

VisoXC-59263.portmap.host:59263

Mutex

80b8889c-1e9f-4330-a95e-a3d9faf3bfc4

Attributes

encryption_key
C1589EF424F77018CD488E8307C8C1DF199C8A42
install_name
driverhost32.exe
log_directory
Driver Logs
reconnect_delay
3000
startup_key
driverhost32
subdirectory
Driver Host

Targets

- Target
  
  9d07e30f2a7238a495be924fa99761dd7e0dd300ec310e7d2d457ad7e6959b36.exe
- Size
  
  3.1MB
- MD5
  
  be32c281194c0a859cca202a418a16a3
- SHA1
  
  e2c3885c8bc9b24b492f68a2c69ebf0c488abebc
- SHA256
  
  9d07e30f2a7238a495be924fa99761dd7e0dd300ec310e7d2d457ad7e6959b36
- SHA512
  
  541266a8f6b23b74d40c9d2656adb963c92ed5f8f2f239aa472649958f934f29a37afd42dfe27e9dfc2991c529dc949bffb6766223593c9ff7418778ad9bd36f
- SSDEEP
  
  49152:HvnlL26AaNeWgPhlmVqvMQ7XSKKzDKkCWZLoGAVATHHB72eh2NT:HvlL26AaNeWgPhlmVqkQ7XSKKzDjp
Score

10^/10

quasar driver host spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

driver hostquasar

behavioral1

quasardriver hostspywaretrojan

behavioral2

quasardriver hostspywaretrojan