quasar | 0d6a9673eb3db83be393b8e85fceb372b5fbad79ce1c56bd92ea4b6b3166f657 | Triage

Sharing

General

Target

Especificacin_img-06645478721.pdf76KB.com
Size

3.7MB
Sample

250130-q16n6svlbn
MD5

c7e6c951ca20c04d0d11b0a7d429f6d4
SHA1

e8ec50949c6f6a4e8727a5091f3307381be82839
SHA256

0d6a9673eb3db83be393b8e85fceb372b5fbad79ce1c56bd92ea4b6b3166f657
SHA512

da37fb5599f0a7f405871aff2899c8ece589ff64df1081b2aa3bb563b7f505e4da25ab892094edf7c856fed34f77e0fcec9f5c285af0713d2c57e3d843a0fe67
SSDEEP

98304:01bQRm7L4+pqEYlPqQ5QvWvrfZt7qA7XZ7eFq8u:0mRm7LjpqzkUQvWvrr7qmeRu

Score

10^/10

quasar es code discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ES CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

code1.ydns.eu:5287

wqo9.firewall-gateway.de:9792

Mutex

025351e291-5d1041-4fa37-932c7-8L69aeiQec514992

Attributes

encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
install_name
Excelworkbook.exe
log_directory
Logs
reconnect_delay
6000
startup_key
pdfdocument
subdirectory
SubDir

Targets

- Target
  
  Especificacin_img-06645478721.pdf76KB.com
- Size
  
  3.7MB
- MD5
  
  c7e6c951ca20c04d0d11b0a7d429f6d4
- SHA1
  
  e8ec50949c6f6a4e8727a5091f3307381be82839
- SHA256
  
  0d6a9673eb3db83be393b8e85fceb372b5fbad79ce1c56bd92ea4b6b3166f657
- SHA512
  
  da37fb5599f0a7f405871aff2899c8ece589ff64df1081b2aa3bb563b7f505e4da25ab892094edf7c856fed34f77e0fcec9f5c285af0713d2c57e3d843a0fe67
- SSDEEP
  
  98304:01bQRm7L4+pqEYlPqQ5QvWvrfZt7qA7XZ7eFq8u:0mRm7LjpqzkUQvWvrr7qmeRu
Score

10^/10

discovery quasar es code spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasares codediscoveryspywaretrojan