quasar | 874dc85b74f8ee6a116d38453078905ee487949425e97a42de9b258dd6b8bbf5 | Triage

Sharing

General

Target

874dc85b74f8ee6a116d38453078905ee487949425e97a42de9b258dd6b8bbf5.exe
Size

3.1MB
Sample

250128-hde9ps1kaj
MD5

c965446805dc5c40e1bffe859716bea7
SHA1

7d6b257f8f830f512552bd11b36bb1fc88a1e966
SHA256

874dc85b74f8ee6a116d38453078905ee487949425e97a42de9b258dd6b8bbf5
SHA512

157b7d59cb94d83dceba138207f1d335df6f9da90c510cbad8e0b252173be05679352de83d2aef2e3ae3d7de58f7253f93422b44680d2cb63e6c3640fd68233b
SSDEEP

49152:bv1I22SsaNYfdPBldt698dBcjHQFwGSBe1LoLdfTHHB72eh2NT:bve22SsaNYfdPBldt6+dBcjH5GD

Score

10^/10

quasar prudabackend spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

PrudaBackend

C2

45.131.108.110:4782

Mutex

8f8e6059-ac4f-4e47-8d62-3ce070083ecf

Attributes

encryption_key
D82EC4913FC5B28DDFF5AC48635D190A9342C6BD
install_name
update.exe
log_directory
Logs
reconnect_delay
2500
startup_key
Runtime Broker.exe

Targets

- Target
  
  874dc85b74f8ee6a116d38453078905ee487949425e97a42de9b258dd6b8bbf5.exe
- Size
  
  3.1MB
- MD5
  
  c965446805dc5c40e1bffe859716bea7
- SHA1
  
  7d6b257f8f830f512552bd11b36bb1fc88a1e966
- SHA256
  
  874dc85b74f8ee6a116d38453078905ee487949425e97a42de9b258dd6b8bbf5
- SHA512
  
  157b7d59cb94d83dceba138207f1d335df6f9da90c510cbad8e0b252173be05679352de83d2aef2e3ae3d7de58f7253f93422b44680d2cb63e6c3640fd68233b
- SSDEEP
  
  49152:bv1I22SsaNYfdPBldt698dBcjHQFwGSBe1LoLdfTHHB72eh2NT:bve22SsaNYfdPBldt6+dBcjH5GD
Score

10^/10

quasar prudabackend spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

prudabackendquasar

behavioral1

quasarprudabackendspywaretrojan

behavioral2

quasarprudabackendspywaretrojan