General

  • Target

    Windows-Activation.zip

  • Size

    1.1MB

  • Sample

    250105-ffz1satrhn

  • MD5

    a95f11ca5a79851b841d4067575157b5

  • SHA1

    38e9c2468ca0dff7d8a29326e8b3f088d53cd8c1

  • SHA256

    84ccda8f5546361630314c5d7be711813e47a8c9f228f8be898691af5cdb9c6d

  • SHA512

    b0361fe666150041221f87bf350e7b7302ecc948e20ef04930c689e60213c992ac0f739705aa9648a3a04b092385fadee4ac4aa4c708f41678bf25be7e7a11a3

  • SSDEEP

    24576:HUY21azKI3AQUwlibre9F7x17QtC+UqRurDQwIjbkq/DiC43JgHCD362:tZXb0C+Uiur0LaPgO62

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Svchost.exe

C2

192.168.1.190:4782

Mutex

75ec4d04-9201-465b-9d52-07fbf8901610

Attributes

  • encryption_key

    BC9F0EB6E1FA6B8559DDF8DE0AEF08110EBCF8E5

  • install_name

    Svchostt.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Svchostt.exe

Targets

    • Target

      Windows-Activation.zip

    • Size

      1.1MB

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory
