quasar | da59a47ae6bde91de01f45a7c3ba4217bd91b4cb0087d58ed4e10eea50866e49 | Triage

Submit
Reports

Overview

overview

Static

static

robloxlist.exe

windows7-x64

robloxlist.exe

windows10-2004-x64

Sharing

General

Target

robloxlist.exe
Size

348KB
Sample

250104-bmrwjatkat
MD5

cc0ce734de3f88924449b16df0c92911
SHA1

af48aa8c33b0d8f0757f9abe8938aa66dfa9a588
SHA256

da59a47ae6bde91de01f45a7c3ba4217bd91b4cb0087d58ed4e10eea50866e49
SHA512

c92a607b979a3013426ef181daced2792b451180d196078342dd64dcc6496cc98c824a67b60a7073f527ac905e12d62d61651b576e26a1921e60869c85bcd6b0
SSDEEP

6144:8uwb/c2L0t5kiOW9ubBcz7b3Ga66b2SO:7H2L5ly6czv3GalbJO

Score

10^/10

quasar clint discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

robloxlist.exe

Resource

win7-20240708-en

quasar clint discovery spyware trojan

windows7-x64

16 signatures

900 seconds

Behavioral task

behavioral2

Sample

robloxlist.exe

Resource

win10v2004-20241007-en

quasar clint discovery spyware trojan

windows10-2004-x64

10 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Clint

C2

192.168.178.29:4780

192.168.178.29:4782

Mutex

QSR_MUTEX_02VEKG7zCDubNpN0wF

Attributes

encryption_key
SPXni05TVd0oAIJtmwYk
install_name
robloxfisch.exe
log_directory
Log
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  robloxlist.exe
- Size
  
  348KB
- MD5
  
  cc0ce734de3f88924449b16df0c92911
- SHA1
  
  af48aa8c33b0d8f0757f9abe8938aa66dfa9a588
- SHA256
  
  da59a47ae6bde91de01f45a7c3ba4217bd91b4cb0087d58ed4e10eea50866e49
- SHA512
  
  c92a607b979a3013426ef181daced2792b451180d196078342dd64dcc6496cc98c824a67b60a7073f527ac905e12d62d61651b576e26a1921e60869c85bcd6b0
- SSDEEP
  
  6144:8uwb/c2L0t5kiOW9ubBcz7b3Ga66b2SO:7H2L5ly6czv3GalbJO
Score

10^/10

quasar clint discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarclintdiscoveryspywaretrojan

behavioral2

quasarclintdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy