quasar | 654ce4f50fe3eaa0d41122e8702818808f3b8e047ed603dd8b81ca656bd32066 | Triage

Submit
Reports

Overview

overview

Static

static

ClientX.exe

windows11-21h2-x64

Resubmissions

08-01-2025 19:25

250108-x5dyaasmfk 10

Sharing

General

Target

ClientX.exe
Size

3.4MB
Sample

250108-x5dyaasmfk
MD5

12b286770578c1fa0d49fc78f5261bb3
SHA1

93c9e37bcbd6e3e20ed3615f5cd50c0366f4a2fe
SHA256

654ce4f50fe3eaa0d41122e8702818808f3b8e047ed603dd8b81ca656bd32066
SHA512

04fd977eab2fd6ca7cbd90944898e863d1d6a6257b0d55a6fcc267def8e9d62b131b5da69815f5886d0244ebe41189bf9632722b0ea0b3313e2e9a6528b5110d
SSDEEP

49152:TviI22SsaNYfdPBldt698dBcjHHVz+romdwdTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjHHVzQ8

Score

10^/10

quasar clientware discovery spyware trojan

Static task

static1

clientware quasar

3 signatures

Behavioral task

behavioral1

Sample

ClientX.exe

Resource

win11-20241007-en

quasar clientware discovery spyware trojan

windows11-21h2-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ClientWare

C2

o0p2e195m0-34052.portmap.host:34052

Mutex

2cf264af-b922-4553-ab2f-ca9a14803d7c

Attributes

encryption_key
822DDA51D07B74A7A6138DEA6477731894D69371
install_name
System.exe
log_directory
Logs
reconnect_delay
2000
startup_key
WindowsData
subdirectory
Windows

Targets

- Target
  
  ClientX.exe
- Size
  
  3.4MB
- MD5
  
  12b286770578c1fa0d49fc78f5261bb3
- SHA1
  
  93c9e37bcbd6e3e20ed3615f5cd50c0366f4a2fe
- SHA256
  
  654ce4f50fe3eaa0d41122e8702818808f3b8e047ed603dd8b81ca656bd32066
- SHA512
  
  04fd977eab2fd6ca7cbd90944898e863d1d6a6257b0d55a6fcc267def8e9d62b131b5da69815f5886d0244ebe41189bf9632722b0ea0b3313e2e9a6528b5110d
- SSDEEP
  
  49152:TviI22SsaNYfdPBldt698dBcjHHVz+romdwdTHHB72eh2NT:Tvv22SsaNYfdPBldt6+dBcjHHVzQ8
Score

10^/10

quasar clientware discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

clientwarequasar

behavioral1

quasarclientwarediscoveryspywaretrojan

© 2018-2025

Terms | Privacy