quasar | 22ae9f3838ce28bc03bcb7424f03e3f9a44b660d6647f035bd477bdbcc273900 | Triage

Submit
Reports

Overview

overview

Static

static

1

XClient.rar

windows11-21h2-x64

Resubmissions

27-01-2025 15:49

250127-s9mc1awpgl 1

27-01-2025 00:59

250127-bcg9casmfs 10

Sharing

General

Target

XClient.rar
Size

53KB
Sample

250127-bcg9casmfs
MD5

e6f73d714362fabc16ba67f860fc6ada
SHA1

1190df500df258f434bd6c8def231e210c9f45a6
SHA256

22ae9f3838ce28bc03bcb7424f03e3f9a44b660d6647f035bd477bdbcc273900
SHA512

a0fc6adeb8c054b8ed9a13a3d64c6a6901477b384facc5183fc2c1cd39128f53f12203e983d3204a1710aaa9e20031356ec50705482b0b0477479ba136c6a92b
SSDEEP

768:SfiKlRdTOni46snvxCPVFgteS4QunUNo9MlReUydiEO9NKX4AYsBW9WaeA4dyNFe:KRTwhzcOtehQ9uWVyMdc4AY0/h8Sr

Score

10^/10

quasar xworm hawk tuah spit on that thang discovery execution rat spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

XClient.rar

Resource

win11-20241007-en

quasar xworm hawk tuah spit on that thang discovery execution rat spyware trojan

windows11-21h2-x64

28 signatures

900 seconds

Malware Config

Extracted

Family

xworm

C2

147.185.221.25:27696

Attributes

install_file
USB.exe

Extracted

Family

quasar

Version

1.4.1

Botnet

hawk tuah spit on that thang

C2

127.0.0.1:4782

Mutex

a97ab5d1-3593-490e-ac3c-7ce1e78e911d

Attributes

encryption_key
6A61F72362B5449D105FC5E6F1FF9D328D267FB3
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  XClient.rar
- Size
  
  53KB
- MD5
  
  e6f73d714362fabc16ba67f860fc6ada
- SHA1
  
  1190df500df258f434bd6c8def231e210c9f45a6
- SHA256
  
  22ae9f3838ce28bc03bcb7424f03e3f9a44b660d6647f035bd477bdbcc273900
- SHA512
  
  a0fc6adeb8c054b8ed9a13a3d64c6a6901477b384facc5183fc2c1cd39128f53f12203e983d3204a1710aaa9e20031356ec50705482b0b0477479ba136c6a92b
- SSDEEP
  
  768:SfiKlRdTOni46snvxCPVFgteS4QunUNo9MlReUydiEO9NKX4AYsBW9WaeA4dyNFe:KRTwhzcOtehQ9uWVyMdc4AY0/h8Sr
Score

10^/10

quasar xworm hawk tuah spit on that thang discovery execution rat spyware trojan
- Detect Xworm Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarxwormhawk tuah spit on that thangdiscoveryexecutionratspywaretrojan

© 2018-2025

Terms | Privacy