Overview

overview

10

Static

static

10

rat.exe

windows7-x64

10

rat.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2025 09:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rat.exe

  • Size

    3.0MB

  • MD5

    4f430abe700993232b5f97d3383517ab

  • SHA1

    f9248a808a8fd6d92899ed8257ee133d34c382d7

  • SHA256

    5e40364cd4314af051efde7ca70e784ccf6e77976c008a05f6a61cdcb86b6fcf

  • SHA512

    ebf0384e92beaaa788ebe37fa030a4013f89cf7e1e137c374d729b06a365340028142cfdcb18ffbeb0504a8dd631aded2a64c25e48446120719f5c9988eec23d

  • SSDEEP

    24576:vNeODL4o1TNKsmdRhHJUs4STTKI51CQ/1b/qo+/KfMOEA3ZcDvQ4tN7j7paDJdiq:vNeODL4o1TNKHdRlZTTKgRIv+sm7AB

Score
10/10
quasarspywaretrojan

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rat.exe
    "C:\Users\Admin\AppData\Local\Temp\rat.exe"
    1⤵
      PID:1968

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1968-0-0x000007FEF5883000-0x000007FEF5884000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1968-1-0x0000000000FA0000-0x00000000012A2000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/1968-2-0x000007FEF5880000-0x000007FEF626C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1968-3-0x000007FEF5880000-0x000007FEF626C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1968-4-0x000007FEF5880000-0x000007FEF626C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/1968-5-0x000007FEF5880000-0x000007FEF626C000-memory.dmp

      Filesize

      9.9MB

      Download