quasar | 2b85704b2d63fe95970f2a35e9f48d9e4a72cd4cdfb6c8127f618bf043332f88 | Triage

Submit
Reports

Overview

overview

Static

static

3

436052B37A...C3.exe

windows7-x64

436052B37A...C3.exe

windows10-2004-x64

Sharing

General

Target

436052B37A3752148C885667E34DD9C3.exe
Size

10.7MB
Sample

250119-kepwmsskap
MD5

436052b37a3752148c885667e34dd9c3
SHA1

59dbc9e97fb1c74ae666bc87e9ab2f453f780006
SHA256

2b85704b2d63fe95970f2a35e9f48d9e4a72cd4cdfb6c8127f618bf043332f88
SHA512

c6ef01300bb1350d64e5a4d5f48a1c013f8638ac9240820d2d27e951b0ca4b105ff2ee66a07bb3954178c7df8435dbfb561b7a7112f8f3ec79e63cedb7f4d784
SSDEEP

196608:QPW6IG7f1KCArQWGRhoDyp7t1OCf80nXIQPfMEftec7HsrEha1:w37d6T+97t1OCf80XIxQec7O

Score

10^/10

quasar svchost 2 svchost 3 discovery pyinstaller spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

436052B37A3752148C885667E34DD9C3.exe

Resource

win7-20240903-en

quasar svchost 2 svchost 3 discovery pyinstaller spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

436052B37A3752148C885667E34DD9C3.exe

Resource

win10v2004-20241007-en

quasar svchost 2 svchost 3 discovery pyinstaller spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

svchost 2

C2

41.216.183.179:3742

Mutex

d018acac-011d-4ca3-b0c3-4fdd7ec2d6d1

Attributes

encryption_key
0325CE0E85B5B8870BB69FE8C81088DBCBFAC6F7
install_name
Host Process for Windows Tasks.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Host Process for Windows Tasks
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

svchost 3

C2

41.216.183.179:3742

Mutex

11b8b70b-ab15-4aab-8132-3e7b18b2b48b

Attributes

encryption_key
0325CE0E85B5B8870BB69FE8C81088DBCBFAC6F7
install_name
startui.exe
log_directory
Logs
reconnect_delay
3000
startup_key
startui
subdirectory
SubDir

Targets

- Target
  
  436052B37A3752148C885667E34DD9C3.exe
- Size
  
  10.7MB
- MD5
  
  436052b37a3752148c885667e34dd9c3
- SHA1
  
  59dbc9e97fb1c74ae666bc87e9ab2f453f780006
- SHA256
  
  2b85704b2d63fe95970f2a35e9f48d9e4a72cd4cdfb6c8127f618bf043332f88
- SHA512
  
  c6ef01300bb1350d64e5a4d5f48a1c013f8638ac9240820d2d27e951b0ca4b105ff2ee66a07bb3954178c7df8435dbfb561b7a7112f8f3ec79e63cedb7f4d784
- SSDEEP
  
  196608:QPW6IG7f1KCArQWGRhoDyp7t1OCf80nXIQPfMEftec7HsrEha1:w37d6T+97t1OCf80XIxQec7O
Score

10^/10

quasar svchost 2 svchost 3 discovery pyinstaller spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsvchost 2svchost 3discoverypyinstallerspywaretrojan

behavioral2

quasarsvchost 2svchost 3discoverypyinstallerspywaretrojan

© 2018-2025

Terms | Privacy