quasar | a410d04d919c39d5f6be80f4a8a6eb61dafbd57f1b867cdc48c213d37d2f5786 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...5d.exe

windows7-x64

JaffaCakes...5d.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_ecba252daf2e1fb8b65b0af04bb6385d
Size

844KB
Sample

250110-ylp2waxkhq
MD5

ecba252daf2e1fb8b65b0af04bb6385d
SHA1

18956962cf9c921f8b86a9f21bb6c2de8202f344
SHA256

a410d04d919c39d5f6be80f4a8a6eb61dafbd57f1b867cdc48c213d37d2f5786
SHA512

3b131ee7b34280932cd1a1cbb1712c3a294a145974fd5d4f58a0fde3dad30c1686693eee3b4793d0af41162ad74c9064ef96b62c4edd5bc8b86b809aa4bcac3e
SSDEEP

12288:NDL6oxYlzaD69WuBq1C6MHCssAJ/S/YT4n2WwL1Sk4bZAGFqNWuKFhUOyUbWN5l:tGvEAttsw/SI4n2HSkOgN+Vy3l

Score

10^/10

quasar client discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_ecba252daf2e1fb8b65b0af04bb6385d.exe

Resource

win7-20240729-en

quasar client discovery spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_ecba252daf2e1fb8b65b0af04bb6385d.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

client

C2

10.0.2.2:4782

192.168.0.1:4782

10.0.2.15:4782

255.255.255.0:4782

Mutex

e2e2f510-9470-421c-8417-98939f923438

Attributes

encryption_key
2885B7A815B031474D6AA741214082E2BC1A0DBD
install_name
meme.exe
log_directory
Logs
reconnect_delay
1500
startup_key
Windows Defender
subdirectory
SubDir

Targets

- Target
  
  JaffaCakes118_ecba252daf2e1fb8b65b0af04bb6385d
- Size
  
  844KB
- MD5
  
  ecba252daf2e1fb8b65b0af04bb6385d
- SHA1
  
  18956962cf9c921f8b86a9f21bb6c2de8202f344
- SHA256
  
  a410d04d919c39d5f6be80f4a8a6eb61dafbd57f1b867cdc48c213d37d2f5786
- SHA512
  
  3b131ee7b34280932cd1a1cbb1712c3a294a145974fd5d4f58a0fde3dad30c1686693eee3b4793d0af41162ad74c9064ef96b62c4edd5bc8b86b809aa4bcac3e
- SSDEEP
  
  12288:NDL6oxYlzaD69WuBq1C6MHCssAJ/S/YT4n2WwL1Sk4bZAGFqNWuKFhUOyUbWN5l:tGvEAttsw/SI4n2HSkOgN+Vy3l
Score

10^/10

quasar client discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarclientdiscoveryspywaretrojan

behavioral2

© 2018-2025

Terms | Privacy