Extracted

• • Target

    build.bat

  • Size

    14.0MB

  • MD5

    ef8beb81c6fa2aaad4a314be361292ce

  • SHA1

    7b7296096931ac5d62081cc91ead8afd2346e0c7

  • SHA256

    6377476be087b6911f24f93a601fd8f46461f52815ec27f95371c8418c385377

  • SHA512

    8ffa18e66e4e8a3a23eb7c2375fa6b25aab90da3265f35d56ea9965f8d2c89a988052bbd0e05c0b3b3c124cb5e9f47b0b6ab5ea0df3b880d449fd3ff2a25767f

  • SSDEEP

    49152:Lhha5TtF7ZXKxZvLjnrt64H1eGHrWT7xdJ11ar07nqcBIL/ULWorCWmZ9vXEdQm/:E

  Score

  10^/10

  quasardefense_evasiondiscoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2