quasar | 229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f | Triage

Submit
Reports

Overview

overview

Static

static

229facbf15...0f.exe

windows7-x64

229facbf15...0f.exe

windows10-2004-x64

Sharing

General

Target

229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
Size

348KB
Sample

250120-1vwl5a1ner
MD5

3d18b8eed380078fd6b8790335ef6ebf
SHA1

f1f1062cb7b3ed5b7eacb535531e45f1592b7ebf
SHA256

229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
SHA512

a1ae71cc2892db5b1da6c95da0ad222eb224512212c778c6c3e548c63b19b42346d25e997358c092f3d5d0b77b026db3fcf70c4d95448043a7d38a7d0531e9df
SSDEEP

6144:B16bPXhLApfpbl/FRMTogMH/pbBGIOM9h9+GPw0hXm:LmhApD/MwCIOM0j0hXm

Score

10^/10

quasar alina discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f.exe

Resource

win7-20240903-en

quasar alina discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f.exe

Resource

win10v2004-20241007-en

quasar alina discovery spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

ALINA

C2

youtubevideos.duckdns.org:10

Mutex

QSR_MUTEX_in9VG8pkDSHQVhS3MQ

Attributes

encryption_key
e902XsAGKQ0V47TRmpUl
install_name
csrsss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
csrss
subdirectory
Suberrors

Targets

- Target
  
  229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
- Size
  
  348KB
- MD5
  
  3d18b8eed380078fd6b8790335ef6ebf
- SHA1
  
  f1f1062cb7b3ed5b7eacb535531e45f1592b7ebf
- SHA256
  
  229facbf155b85681dbbe760530e79401e30f8cca917c1c93657d2bd7dd3390f
- SHA512
  
  a1ae71cc2892db5b1da6c95da0ad222eb224512212c778c6c3e548c63b19b42346d25e997358c092f3d5d0b77b026db3fcf70c4d95448043a7d38a7d0531e9df
- SSDEEP
  
  6144:B16bPXhLApfpbl/FRMTogMH/pbBGIOM9h9+GPw0hXm:LmhApD/MwCIOM0j0hXm
Score

10^/10

quasar alina discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaralinadiscoveryspywaretrojan

behavioral2

quasaralinadiscoveryspywaretrojan

© 2018-2025

Terms | Privacy