quasar | 63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950 | Triage

Submit
Reports

Overview

overview

Static

static

3

63c6d0920e...0N.exe

windows7-x64

63c6d0920e...0N.exe

windows10-2004-x64

Resubmissions

04-01-2025 14:13

250104-rjfxvssphx 10

04-01-2025 13:54

250104-q7y8nsvkaj 10

Sharing

General

Target

63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950N.exe
Size

480KB
Sample

250104-q7y8nsvkaj
MD5

1eb69f7c6c85d25643396c52745fb8f0
SHA1

80266ec69123767990f1e58372ee9b47c12e01cc
SHA256

63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950
SHA512

6f45abc90571e3efae25dce66cb86d69aea53d3631662dbc0317905ca6f9740de3eb112196b9c83544907e944057a0eab5698fd0834df277f755536b74ec215f
SSDEEP

12288:iww6xvH9M3Ir55+JpWQbe6Ef4D+2u+4gnflehW:inKP9M4r55+JAQGf4D+2tleA

Score

10^/10

quasar svchost.exe discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950N.exe

Resource

win7-20240903-en

quasar svchost.exe discovery spyware trojan

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950N.exe

Resource

win10v2004-20241007-en

quasar svchost.exe discovery spyware trojan

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

svchost.exe

C2

23.227.174.82:4782

Mutex

QSR_MUTEX_UtaUPinApnyZsQXsVE

Attributes

encryption_key
hn8U0t79xWv7f03kzG79
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950N.exe
- Size
  
  480KB
- MD5
  
  1eb69f7c6c85d25643396c52745fb8f0
- SHA1
  
  80266ec69123767990f1e58372ee9b47c12e01cc
- SHA256
  
  63c6d0920ea03f76908fe5f7b2492445de2ae9a2324fe4bb8e8300b869e92950
- SHA512
  
  6f45abc90571e3efae25dce66cb86d69aea53d3631662dbc0317905ca6f9740de3eb112196b9c83544907e944057a0eab5698fd0834df277f755536b74ec215f
- SSDEEP
  
  12288:iww6xvH9M3Ir55+JpWQbe6Ef4D+2u+4gnflehW:inKP9M4r55+JAQGf4D+2tleA
Score

10^/10

quasar svchost.exe discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Drops startup file
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsvchost.exediscoveryspywaretrojan

behavioral2

quasarsvchost.exediscoveryspywaretrojan

© 2018-2025

Terms | Privacy