General
Target: 4c7a86733a4ac849eec1b49179f64b81ed852c47be714d91c3b00d64b79e1399N.exe
Size: 514B
Sample: 250108-hz1grsyrgv
MD5: 6a0393cce6ff34424ddad27b162b67f0
SHA1: c67c3d31dd2891d9f0cd070cdf957554ecfd3550
SHA256: 4c7a86733a4ac849eec1b49179f64b81ed852c47be714d91c3b00d64b79e1399
SHA512: 6d3c3819261150d27de6f037b7ffbdb0287bd1bb1ffe8cdd84e2a89503e24bc664489d997dbfe5f883a93229b3305fb14b104a8bdcdbee9f39b06684f5717cbc
Static task
static1
Behavioral task
behavioral1
Sample
4c7a86733a4ac849eec1b49179f64b81ed852c47be714d91c3b00d64b79e1399N.exe
Resource
win7-20241010-en
Malware Config
Extracted
quasar
1.4.1
2026
win32updatess.DUCKDNS.ORG:2
b70adc1c-122d-4b90-9f59-304d0ab81cd5
encryption_key: CE02DB1ED3D345B2461CC2276CDEEDF58EF19723
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
-
Quasar family
-
Quasar payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-