quasar | 7247f2a0f71a2f57ccd942f14d4d9028ba1eb9c12f2627e22f9f1f162f0fb3d4 | Triage

Submit
Reports

Overview

overview

Static

static

1

bot.py

windows10-ltsc 2021-x64

Sharing

General

Target

bot.py
Size

10KB
Sample

250131-fh7teaylhs
MD5

9dc50450df6f7d82cfc36a6981439a41
SHA1

acc9e2806781802dbc7a040581ae7c819710ce1d
SHA256

7247f2a0f71a2f57ccd942f14d4d9028ba1eb9c12f2627e22f9f1f162f0fb3d4
SHA512

fef27e948bdf370c619b7c4fc5cf47e31b79eda82eae04ff2760aa1eeb8cd4a9a7326125edecf1d4041800f2ccd01bbbd2042cee7b86d9441a5765be1fe085fe
SSDEEP

192:Dnbfx6QWzbV7rjIJgmbuObHyFnlUjBg0fUM:DnzWzOrbHyFlUdg0fb

Score

10^/10

quasar svhost32 defense_evasion discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

bot.py

Resource

win10ltsc2021-20250128-en

quasar svhost32 defense_evasion discovery spyware trojan

windows10-ltsc 2021-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

svhost32

C2

87.228.57.81:4782

Mutex

47b71fc0-b2c4-4112-b97a-39385a5399c1

Attributes

encryption_key
19A0FAF8459F69650B5965C225752D425C429EEC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhost32
subdirectory
SubDir

Targets

- Target
  
  bot.py
- Size
  
  10KB
- MD5
  
  9dc50450df6f7d82cfc36a6981439a41
- SHA1
  
  acc9e2806781802dbc7a040581ae7c819710ce1d
- SHA256
  
  7247f2a0f71a2f57ccd942f14d4d9028ba1eb9c12f2627e22f9f1f162f0fb3d4
- SHA512
  
  fef27e948bdf370c619b7c4fc5cf47e31b79eda82eae04ff2760aa1eeb8cd4a9a7326125edecf1d4041800f2ccd01bbbd2042cee7b86d9441a5765be1fe085fe
- SSDEEP
  
  192:Dnbfx6QWzbV7rjIJgmbuObHyFnlUjBg0fUM:DnzWzOrbHyFlUdg0fb
Score

10^/10

quasar svhost32 defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsvhost32defense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy