Extracted

• • Target

    Client.exe

  • Size

    3.1MB

  • MD5

    aad11067aa90b9d96958aae378c45747

  • SHA1

    13dc757a06a092ab0ef34482c307604a67fd74b9

  • SHA256

    2787d416bf228915debc5d9c9e058cc246f8da7217c706d8a1fe0cb788a9155b

  • SHA512

    8a2fc9cfc72b7f9fb0ff54292022d738013813f222ebe3d7e54f1d916a6307d7652a5f4276d38550e6c515e637358b039a3f784e70a187e2d754b60eaff26813

  • SSDEEP

    49152:gvXhBYjCOuDt2d5aKCuVPzlEmVQL0wvwkaE8sV4mzFEoGdCTHHB72eh2NT:gvdt2d5aKCuVPzlEmVQ0wvwfJsVo

  Score

  10^/10

  quasarvm-kudiscoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops file in System32 directory

  behavioral1behavioral2