quasar | 2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432 | Triage

Submit
Reports

Overview

overview

Static

static

2b556da7af...32.exe

windows7-x64

2b556da7af...32.exe

windows10-2004-x64

Sharing

General

Target

2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432
Size

3.1MB
Sample

250124-yf8a9svmf1
MD5

7c1fd7240072a6a6f53d93f191d769f0
SHA1

c0f3004513ea69aca854da4a740b176d04be8a35
SHA256

2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432
SHA512

513f39e50c98b9bc22e7e97291df9577dd22c7a75405c86a0c49df8101b84ec67f96372d974c27dfd421bec3e8dc2b77984609136cda6e9ab39e0081ec84e493
SSDEEP

49152:/v4uf2NUaNmwzPWlvdaKM7ZxTwkCC1JdLoGdeTHHB72eh2NT:/v3f2NUaNmwzPWlvdaB7ZxTwkCI

Score

10^/10

quasar stinky discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432.exe

Resource

win7-20240903-en

quasar stinky discovery spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432.exe

Resource

win10v2004-20241007-en

quasar stinky discovery spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Stinky

C2

ef3243fsert34.ddns.net:47820

oj42315j346ng2134.myvnc.com:47820

Mutex

448b82a7-900f-48ac-b52b-73d8b9b1a9fa

Attributes

encryption_key
7A23123B6E1E0CCDB27477C6C7654C7BE2FEDE54
install_name
sru.exe
log_directory
Logs
reconnect_delay
3000
startup_key
xml
subdirectory
sru

Targets

- Target
  
  2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432
- Size
  
  3.1MB
- MD5
  
  7c1fd7240072a6a6f53d93f191d769f0
- SHA1
  
  c0f3004513ea69aca854da4a740b176d04be8a35
- SHA256
  
  2b556da7af4e05fdc5c0a47bbdcc999bc9f3f708f7aa88f07ed3083f88d45432
- SHA512
  
  513f39e50c98b9bc22e7e97291df9577dd22c7a75405c86a0c49df8101b84ec67f96372d974c27dfd421bec3e8dc2b77984609136cda6e9ab39e0081ec84e493
- SSDEEP
  
  49152:/v4uf2NUaNmwzPWlvdaKM7ZxTwkCC1JdLoGdeTHHB72eh2NT:/v3f2NUaNmwzPWlvdaB7ZxTwkCI
Score

10^/10

quasar stinky discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarstinkydiscoveryspywaretrojan

behavioral2

quasarstinkydiscoveryspywaretrojan

© 2018-2025

Terms | Privacy