quasar | 2c7b25bd3f50be5f2beaf71b10d012b06bfd91275eda5f3fe4f81c59754b90f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

PrudaTweak.zip

windows7-x64

1

PrudaTweak.zip

windows10-2004-x64

Sharing

General

Target

PrudaTweak.zip
Size

10.6MB
Sample

250126-dcejka1kcq
MD5

1f85b246762c45185e66c10700855f6a
SHA1

6a05572e7d23ad241b933e615b3f180402b6e4e0
SHA256

2c7b25bd3f50be5f2beaf71b10d012b06bfd91275eda5f3fe4f81c59754b90f3
SHA512

f9efae2f1f4964ff533fddebdaf9edc3068e26d68d378f29ecd09cc7d041841ff8f390834067a69c7c0c4c004ffac6abc45191f1353cea7ec5e91b57156dee49
SSDEEP

196608:7AaahvSji7LYOSIlr3vTPzz3Uh33HUxxqM3PBOfo6cakJrdfLjPQbUINfkotWe+:7X0SjkL/lT7jUhUxMM3PB5JrVAbVyotM

Score

10^/10

quasar prudabackend spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PrudaTweak.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

PrudaTweak.zip

Resource

win10v2004-20241007-en

quasar prudabackend spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

PrudaBackend

C2

45.131.108.110:4782

Mutex

8f8e6059-ac4f-4e47-8d62-3ce070083ecf

Attributes

encryption_key
D82EC4913FC5B28DDFF5AC48635D190A9342C6BD
install_name
update.exe
log_directory
Logs
reconnect_delay
2500
startup_key
Runtime Broker.exe

Targets

- Target
  
  PrudaTweak.zip
- Size
  
  10.6MB
- MD5
  
  1f85b246762c45185e66c10700855f6a
- SHA1
  
  6a05572e7d23ad241b933e615b3f180402b6e4e0
- SHA256
  
  2c7b25bd3f50be5f2beaf71b10d012b06bfd91275eda5f3fe4f81c59754b90f3
- SHA512
  
  f9efae2f1f4964ff533fddebdaf9edc3068e26d68d378f29ecd09cc7d041841ff8f390834067a69c7c0c4c004ffac6abc45191f1353cea7ec5e91b57156dee49
- SSDEEP
  
  196608:7AaahvSji7LYOSIlr3vTPzz3Uh33HUxxqM3PBOfo6cakJrdfLjPQbUINfkotWe+:7X0SjkL/lT7jUhUxMM3PB5JrVAbVyotM
Score

10^/10

quasar prudabackend spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarprudabackendspywaretrojan

© 2018-2025

Terms | Privacy