quasar | 389d7381073945558533fbf409f2bce03d5267e5545ecf91c4208b7646165db9 | Triage

Submit
Reports

Overview

overview

Static

static

EclipseIsSoHot.exe

windows7-x64

EclipseIsSoHot.exe

windows10-2004-x64

Sharing

General

Target

EclipseIsSoHot.exe
Size

3.1MB
Sample

250121-zp4vwa1kar
MD5

d270f2b20a6fae8a39ee7b6d9ffecae1
SHA1

d05036a246aa89c8c5ff4827a7a055df65c0eacc
SHA256

389d7381073945558533fbf409f2bce03d5267e5545ecf91c4208b7646165db9
SHA512

ab8d5207d36078d0cdeec67d23c0883ddb89568976cc94c80a491e9b5dc4eb54d68d3df0f2ea46a0c875bc85b8f44a31fb23888babc421f9a6893876a750b9a9
SSDEEP

49152:9vzt62XlaSFNWPjljiFa2RoUYItTR16rbR3boGdDJTHHB72eh2NT:9vh62XlaSFNWPjljiFXRoUYItTR16B

Score

10^/10

quasar darius discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

EclipseIsSoHot.exe

Resource

win7-20240903-en

quasar darius discovery spyware trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

EclipseIsSoHot.exe

Resource

win10v2004-20241007-en

quasar darius discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Darius

C2

Eclipse:80

Mutex

df9a6e4a-c51f-4a16-b5ba-97e6c913f325

Attributes

encryption_key
F438346FAEF700E396AC7AE5D82BB12BBAC49EC0
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  EclipseIsSoHot.exe
- Size
  
  3.1MB
- MD5
  
  d270f2b20a6fae8a39ee7b6d9ffecae1
- SHA1
  
  d05036a246aa89c8c5ff4827a7a055df65c0eacc
- SHA256
  
  389d7381073945558533fbf409f2bce03d5267e5545ecf91c4208b7646165db9
- SHA512
  
  ab8d5207d36078d0cdeec67d23c0883ddb89568976cc94c80a491e9b5dc4eb54d68d3df0f2ea46a0c875bc85b8f44a31fb23888babc421f9a6893876a750b9a9
- SSDEEP
  
  49152:9vzt62XlaSFNWPjljiFa2RoUYItTR16rbR3boGdDJTHHB72eh2NT:9vh62XlaSFNWPjljiFXRoUYItTR16B
Score

10^/10

quasar darius discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasardariusdiscoveryspywaretrojan

behavioral2

quasardariusdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy