quasar | 473aa6612326983e4fbd4c203fae85c5eceec84bdec18e19e0fa51cc5bc78449 | Triage

Sharing

General

Target

WHAT!.exe
Size

3.1MB
Sample

250117-26y23awqdm
MD5

b3e25f17e2e4692be51effa96fd68c72
SHA1

4543fbab2b716a6ffb4080f430f73969f6d8b1e7
SHA256

473aa6612326983e4fbd4c203fae85c5eceec84bdec18e19e0fa51cc5bc78449
SHA512

efdf3f45b0f0ead271efdabbb3ecbd9422fe45bf209958c52a2352cc1026564bfd2e6d1327c08ee164d8d2d529518bd8b17c30342c464d687b8e960afbb77b4b
SSDEEP

49152:ZQ2xLAP5gLMgLU+mLWw7bsF7pyuKOeTHHB72eh2NTj:ZQeLBLMUmLWwd0

Score

10^/10

quasar mane spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.0

Botnet

mane

C2

127.0.0.1:7000

Mutex

9ffb20e1-3aea-4c04-840e-36fdd1ecd822

Attributes

encryption_key
SqSCIUuNGqFRCm5FpMJ3tgQkuVTL/8kypjNbMDhu92c=
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
win32
subdirectory
SubDir

Targets

- Target
  
  WHAT!.exe
- Size
  
  3.1MB
- MD5
  
  b3e25f17e2e4692be51effa96fd68c72
- SHA1
  
  4543fbab2b716a6ffb4080f430f73969f6d8b1e7
- SHA256
  
  473aa6612326983e4fbd4c203fae85c5eceec84bdec18e19e0fa51cc5bc78449
- SHA512
  
  efdf3f45b0f0ead271efdabbb3ecbd9422fe45bf209958c52a2352cc1026564bfd2e6d1327c08ee164d8d2d529518bd8b17c30342c464d687b8e960afbb77b4b
- SSDEEP
  
  49152:ZQ2xLAP5gLMgLU+mLWw7bsF7pyuKOeTHHB72eh2NTj:ZQeLBLMUmLWwd0
Score

10^/10

quasar mane spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarmanespywaretrojan

behavioral2

quasarmanespywaretrojan