quasar | b497ae4e48e97c04cebe2d1951472e0fdcb46b24d7ed7083a7571ecc3ac24f9d | Triage

Submit
Reports

Overview

overview

Static

static

3

Tiny v0.2/Tiny.exe

windows7-x64

Tiny v0.2/Tiny.exe

windows10-2004-x64

3

Resubmissions

09-01-2025 21:48

250109-1n5lfsskf1 10

09-01-2025 21:32

250109-1dl2cstnhr 10

Sharing

General

Target

Tiny v0.2.7z
Size

242KB
Sample

250109-1dl2cstnhr
MD5

e8c520acf2c2aafab855cb020bdd6ecc
SHA1

004f026a0df17fc5baa71b03ed388b8d3e48d230
SHA256

b497ae4e48e97c04cebe2d1951472e0fdcb46b24d7ed7083a7571ecc3ac24f9d
SHA512

11d72746ff41b91ba51a15f817b568af784bf8642dfacbf85e2cba0ad7d88b4f8737c898b1c57cd3ef2584f7cbedf520214a1c4ab42bfae7143e554ea0c2afa1
SSDEEP

6144:jziVGaB36IAuHLpzYjtLvVvIvUPwwXpz12yLvV:PiV3NkjtZvIrwJDV

Score

10^/10

quasar number 456 discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Tiny v0.2/Tiny.exe

Resource

win7-20240903-en

quasar number 456 discovery spyware trojan

windows7-x64

25 signatures

900 seconds

Behavioral task

behavioral2

Sample

Tiny v0.2/Tiny.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Number 456

C2

Ratter 456:4782

10.127.0.219:4782

Mutex

29a9cb49-561a-4d11-b619-5d042708f151

Attributes

encryption_key
AFF15AE262A0B33ED41C078A19953E1D951806F1
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Tiny v0.2/Tiny.exe
- Size
  
  618KB
- MD5
  
  b9f7f125066c414f71fb9b805879a4cf
- SHA1
  
  e7a5ea344304f289029d031b012a680b689aa7d1
- SHA256
  
  d944181cf3c1dc7b02d30d4802d491a99f42a181446ce1be7710724541210c7d
- SHA512
  
  4bd845189e56aaa0ff55a321372ff7b3ab6cf68a272787371c014f70831eca56d6b03365a4f8589b1f3b55a083c8d908e9cb9f6167ac868113354d9ca436433f
- SSDEEP
  
  12288:ILEddxz9C1r0twaY0lmJZdwA8mRARNC+y9ErlfSu:KE/XFA4pAARNCvulfSu
Score

10^/10

quasar number 456 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarnumber 456discoveryspywaretrojan

behavioral2

© 2018-2025

Terms | Privacy