quasar | ff62c26c8faf00f841ddeae1e095b8a65a9cb4e0d2a01879aaa8d767c4550cf8 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-2004-x64

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250115-wnqp3s1rhq
MD5

79069701295f944d67c5f2e0213b3b9c
SHA1

589e8b6227ec6ef923f7eb8e4dc96797593f9535
SHA256

ff62c26c8faf00f841ddeae1e095b8a65a9cb4e0d2a01879aaa8d767c4550cf8
SHA512

472570fbf5ee21c05d9e40aaef32686b5f3f63eba93c7f3efdc23493e74017cea8b2a91a1ac7d8cdbc67fedb18f4dcae20c08fa3b6486807fa38d03dd2114f67
SSDEEP

49152:mvjI22SsaNYfdPBldt698dBcjHtqRJ6sbR3LoGdnTHHB72eh2NT:mvc22SsaNYfdPBldt6+dBcjHtqRJ62

Score

10^/10

quasar test-rat discovery spyware trojan

Static task

static1

test-rat quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10v2004-20241007-en

quasar test-rat discovery spyware trojan

windows10-2004-x64

17 signatures

900 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win11-20241007-en

quasar test-rat discovery spyware trojan

windows11-21h2-x64

11 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

test-rat

C2

46.125.249.50:4782:4782

Mutex

e2bb43be-2392-4c93-9a3c-dcea173d5afd

Attributes

encryption_key
AE2F816185F134AF4E7D747D3E55802DE0F16A45
install_name
Virus-Rat.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender Update
subdirectory
Rat-Test-cx

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  79069701295f944d67c5f2e0213b3b9c
- SHA1
  
  589e8b6227ec6ef923f7eb8e4dc96797593f9535
- SHA256
  
  ff62c26c8faf00f841ddeae1e095b8a65a9cb4e0d2a01879aaa8d767c4550cf8
- SHA512
  
  472570fbf5ee21c05d9e40aaef32686b5f3f63eba93c7f3efdc23493e74017cea8b2a91a1ac7d8cdbc67fedb18f4dcae20c08fa3b6486807fa38d03dd2114f67
- SSDEEP
  
  49152:mvjI22SsaNYfdPBldt698dBcjHtqRJ6sbR3LoGdnTHHB72eh2NT:mvc22SsaNYfdPBldt6+dBcjHtqRJ62
Score

10^/10

quasar test-rat discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasartest-ratdiscoveryspywaretrojan

behavioral2

quasartest-ratdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy