quasar | hxxps://github[.]com/FZGbzuw412/Python-RAT/tree/main | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com/F...

windows11-21h2-x64

Resubmissions

06-01-2025 19:33

250106-x9ys9axmhq 10

06-01-2025 19:33

250106-x9ny2svqev 3

Sharing

General

Target

https://github.com/FZGbzuw412/Python-RAT/tree/main
Sample

250106-x9ys9axmhq

Score

10^/10

quasar victim1 defense_evasion discovery persistence privilege_escalation spyware trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com/FZGbzuw412/Python-RAT/tree/main

Resource

win11-20241007-en

quasar victim1 defense_evasion discovery persistence privilege_escalation spyware trojan

windows11-21h2-x64

34 signatures

3600 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Victim1

C2

181.215.176.83:4782

Mutex

6f1cfba9-9724-433c-8339-27dccb488538

Attributes

encryption_key
022ADDF92789AB2EDC96DBC40B2BBC6D43950778
install_name
Chrome.exe
log_directory
Application
reconnect_delay
3000
startup_key
Microsoft Edge Update
subdirectory
Google

Targets

- Target
  
  https://github.com/FZGbzuw412/Python-RAT/tree/main
Score

10^/10

quasar victim1 defense_evasion discovery persistence privilege_escalation spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

quasarvictim1defense_evasiondiscoverypersistenceprivilege_escalationspywaretrojan

© 2018-2025

Terms | Privacy