quasar | 4c321dbc58bd6f4b3f63985cc01776cc0837bda5afacd41ed60621055839ac40 | Triage

Sharing

General

Target

JaffaCakes118_b1ff77998952464295aa1e03ff663bc1
Size

8.0MB
Sample

250108-27vq2axnhw
MD5

b1ff77998952464295aa1e03ff663bc1
SHA1

c9bbb2e532e2bf985d9b0d0714f4c0863988cb1f
SHA256

4c321dbc58bd6f4b3f63985cc01776cc0837bda5afacd41ed60621055839ac40
SHA512

41cade9f993a1c7051bed07d8b04574572c00ec5dd54c65fe70e641ee7a12fd05db6da6aaf0f6629886b54cd045a0c659d328cee42a5e7f3c6d2b679ef201f75
SSDEEP

49152:jCixMQg3Q3cX5C/wnvdAlPjcmYeuc8gFdbkLUtJd4Bg1S1Cqfo2FForB4nMJnBy1:jC8LA

Score

10^/10

quasar venomtest discovery persistence spyware trojan

Malware Config

Extracted

Family

quasar

Version

2.8.0.1

Botnet

VenomTest

C2

2.tcp.ngrok.io:10499

Mutex

aQnrmLl26xZY2XjKa4

Attributes

encryption_key
gEu4ClJ02hFf38qGEVYN
install_name
Venom.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Venom Client Startup

Targets

- Target
  
  JaffaCakes118_b1ff77998952464295aa1e03ff663bc1
- Size
  
  8.0MB
- MD5
  
  b1ff77998952464295aa1e03ff663bc1
- SHA1
  
  c9bbb2e532e2bf985d9b0d0714f4c0863988cb1f
- SHA256
  
  4c321dbc58bd6f4b3f63985cc01776cc0837bda5afacd41ed60621055839ac40
- SHA512
  
  41cade9f993a1c7051bed07d8b04574572c00ec5dd54c65fe70e641ee7a12fd05db6da6aaf0f6629886b54cd045a0c659d328cee42a5e7f3c6d2b679ef201f75
- SSDEEP
  
  49152:jCixMQg3Q3cX5C/wnvdAlPjcmYeuc8gFdbkLUtJd4Bg1S1Cqfo2FForB4nMJnBy1:jC8LA
Score

10^/10

quasar venomtest discovery persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvenomtestdiscoverypersistencespywaretrojan

behavioral2

quasarvenomtestdiscoverypersistencespywaretrojan