General
Target: c196286c4abe88a9242b9f619c261571a658244e4e77272e33dd2527606087a0.exe
Size: 551B
Sample: 250108-thh2yaxpej
MD5: 2ffd76a01df2c01b424688a63c8f769e
SHA1: 2cabb8e5854db69ae9d836deea7c554df6404d10
SHA256: c196286c4abe88a9242b9f619c261571a658244e4e77272e33dd2527606087a0
SHA512: 6ce5c376b98960ce6c318c7f958f5b042b15282f12f53e899449330354273d49368c32fa672e2199d4eeb8e13bfb7dcdf0d90c314a8c9559534f4c1fb500883e
Static task: static1
Behavioral task: behavioral1
Sample: c196286c4abe88a9242b9f619c261571a658244e4e77272e33dd2527606087a0.exe
Resource: win7-20240903-en
Malware Config
Extracted:
quasar
1.4.1
2026
win32updatess.DUCKDNS.ORG:2
b70adc1c-122d-4b90-9f59-304d0ab81cd5
encryption_key: CE02DB1ED3D345B2461CC2276CDEEDF58EF19723
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: c196286c4abe88a9242b9f619c261571a658244e4e77272e33dd2527606087a0.exe
Size: 551B
Quasar family
Quasar payload
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext