quasar | bfcdaed93c4c3605be7e800daac4299c4aa0df0218798cb64c2e2f01027989b2 | Triage

Sharing

General

Target

a.cmd
Size

4.2MB
Sample

250127-2z9j8aylfz
MD5

8e53db2a2b188768e4c23344be407467
SHA1

99dd0a15c342904542a6f2f0b9eed3a8c68aff68
SHA256

bfcdaed93c4c3605be7e800daac4299c4aa0df0218798cb64c2e2f01027989b2
SHA512

d7533b52cd188b2f62ea35c0c7774fb5e5d1c824ac96221d8d32a8a73a4f4e29f73ef5cfb968e76def16c2c32f4a35ea6422e3945b9b2d6eb21809ec18a389b6
SSDEEP

49152:bXMw/hbcpR1DHQJLN+Z/8AEUCm5feXp8dv6Hkn1uX+OiqK67KFly6TteW5SEVAAl:G

Score

10^/10

quasar execution spyware trojan

Malware Config

Extracted

Family

quasar

Mutex

"&Rj@��:@b;��

Attributes

encryption_key
2F93492D384FEB71103635232F1BD56A2FEFBDE7
reconnect_delay
3000

Targets

- Target
  
  a.cmd
- Size
  
  4.2MB
- MD5
  
  8e53db2a2b188768e4c23344be407467
- SHA1
  
  99dd0a15c342904542a6f2f0b9eed3a8c68aff68
- SHA256
  
  bfcdaed93c4c3605be7e800daac4299c4aa0df0218798cb64c2e2f01027989b2
- SHA512
  
  d7533b52cd188b2f62ea35c0c7774fb5e5d1c824ac96221d8d32a8a73a4f4e29f73ef5cfb968e76def16c2c32f4a35ea6422e3945b9b2d6eb21809ec18a389b6
- SSDEEP
  
  49152:bXMw/hbcpR1DHQJLN+Z/8AEUCm5feXp8dv6Hkn1uX+OiqK67KFly6TteW5SEVAAl:G
Score

10^/10

quasar execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarexecutionspywaretrojan