quasar | 38be048dda9dfebcea59c2cbf3cf2abb971b96636aefabc8cafa5359efb63bc2 | Triage

Submit
Reports

Overview

overview

Static

static

Solara V3/...V3.exe

windows7-x64

Solara V3/...V3.exe

windows10-2004-x64

Sharing

General

Target

Solara V3.rar
Size

1.4MB
Sample

250106-c1bbdatjds
MD5

7b4c7a41b1c7ee828b2f7f111cd067ed
SHA1

b1062487e3f233cf1ba5d1d1878085b7f6fa96a7
SHA256

38be048dda9dfebcea59c2cbf3cf2abb971b96636aefabc8cafa5359efb63bc2
SHA512

03da8476dd97bc834873fda0a0544e8f543e1ec27d03790aaa2ec2d4c525777afa3fbc65ed784706d6c0978fc6a6bb6c9841c02ccd8142d547e50c5370396bb4
SSDEEP

24576:NN/q6d/E3Ce+49qdLldADEV7utO65C3bL/w5EAGFJH4IiXCLCu7:TCgdLldAq2gL/IEAGFJYQ9

Score

10^/10

quasar robot discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Solara V3/SolaraV3.exe

Resource

win7-20240903-en

quasar robot discovery spyware trojan

windows7-x64

12 signatures

900 seconds

Behavioral task

behavioral2

Sample

Solara V3/SolaraV3.exe

Resource

win10v2004-20241007-en

quasar robot discovery spyware trojan

windows10-2004-x64

12 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

robot

C2

tcp://quasarrat12345-50279.portmap.host:50279

Mutex

5b3b6ef6-1f5c-4cf2-a902-f38fc18c6f74

Attributes

encryption_key
044C06AD5B6394C7D3CCD0919FA2C67D30EA87D4
install_name
SolaraV3.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Update
subdirectory
SubDir

Targets

- Target
  
  Solara V3/SolaraV3.exe
- Size
  
  3.1MB
- MD5
  
  3db0c6fb25d98ede3749c5c296227708
- SHA1
  
  5d7843d185e9d7f56490bd03094f49c1444fa92a
- SHA256
  
  604e26e36c395712913a141ef96bc461385eea54d2182d170196dfee458ea82f
- SHA512
  
  461df5b25d7d14d340729177a987f254425d0bf57ca6f00853278d7640c40b6e52966a6465c0add70193fce2fc7a66555f1338e6a3f9eb28e85f3f5bab64b452
- SSDEEP
  
  49152:xvrI22SsaNYfdPBldt698dBcjHE82wvBx5ZoGdD3THHB72eh2NT:xvU22SsaNYfdPBldt6+dBcjHiwr
Score

10^/10

quasar robot discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarrobotdiscoveryspywaretrojan

behavioral2

quasarrobotdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy