quasar | 8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8 | Triage

Submit
Reports

Overview

overview

Static

static

1

8d31eb458d...8N.exe

windows7-x64

8d31eb458d...8N.exe

windows10-2004-x64

Sharing

General

Target

8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8N.exe
Size

1.3MB
Sample

250104-zxq9raxmat
MD5

ad1762e0e5eef2a9e8c2e4b2e16642c0
SHA1

35db306e48aa98e9186ce3205375bd9a09994636
SHA256

8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8
SHA512

e98e3b50b2c3ed954bb180202690c3c6faea329ae6dd55b1612f5e02afb11fcc745c58307b25116de0070696efec1bc29fa3c8e9c574cbf57c0d74b09c7f3da5
SSDEEP

24576:SXgzXWjsCGT27mq5qUSXvpVWK5OjKxAVMDJdNnb4INYKk:5Xos3qQUivHW8OjWA+DJdNnccYT

Score

10^/10

quasar plumora discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8N.exe

Resource

win7-20241010-en

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8N.exe

Resource

win10v2004-20241007-en

quasar plumora discovery spyware trojan

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Plumora

C2

51.15.17.193:222

Mutex

rMBE19V1piv5vHLGW3

Attributes

encryption_key
aphmBq1R7UlQBWY2O9wd
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
word
subdirectory
SubDir

Targets

- Target
  
  8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8N.exe
- Size
  
  1.3MB
- MD5
  
  ad1762e0e5eef2a9e8c2e4b2e16642c0
- SHA1
  
  35db306e48aa98e9186ce3205375bd9a09994636
- SHA256
  
  8d31eb458dbdd8c2a077e0f460af302e23d3101ef2b3244122bbd9f27a9cfdd8
- SHA512
  
  e98e3b50b2c3ed954bb180202690c3c6faea329ae6dd55b1612f5e02afb11fcc745c58307b25116de0070696efec1bc29fa3c8e9c574cbf57c0d74b09c7f3da5
- SSDEEP
  
  24576:SXgzXWjsCGT27mq5qUSXvpVWK5OjKxAVMDJdNnb4INYKk:5Xos3qQUivHW8OjWA+DJdNnccYT
Score

10^/10

discovery quasar plumora spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarplumoradiscoveryspywaretrojan

© 2018-2025

Terms | Privacy