quasar | 4fd29e393c3b38ec8a90ff126bc692ead3a4b56e1269fc0d242a8cbbf25fa7fd | Triage

Sharing

General

Target

Quasar-master.zip
Size

1.4MB
Sample

250131-lejv3atpbn
MD5

10e9e98b1e34511ed934908890a5a6e5
SHA1

0b82ffca06d2b9e4c20747eb14497b76bd5ea939
SHA256

4fd29e393c3b38ec8a90ff126bc692ead3a4b56e1269fc0d242a8cbbf25fa7fd
SHA512

70d4e11719eb39f949022f6740c8ef9862ac47769cec3f077856dc66179094b3d5d5922a471b2427251551f5e61cafe6c3548f3ebcff65765077c4c9b4147883
SSDEEP

24576:N7xyUKwYWRsYPa0f4sVMy49jwXtr3FLqNN6R9Df3F6zDcKin3FRn23Fwf3FMFsyC:N7MRwxRXTnVMy4FwXtrVKN6vV6zfinVV

Score

10^/10

quasar discovery execution

Malware Config

Targets

- Target
  
  Quasar-master/Licenses/BouncyCastle_license.html
- Size
  
  1KB
- MD5
  
  56262735cf803b259d4ac97d8738194e
- SHA1
  
  fe1bdb0ebab0633fd8e1f08751b9d76dbb7176b1
- SHA256
  
  87c0b1f542d06c2b393aa8b459ccf96b9bd736c74b3aaf5987c91fcec844efef
- SHA512
  
  7a9c5ddfdffc0ef42a609661858db80e568029fb6c226fec3d1e18ed87995a2f6e311d3bc3df2ca6e411d64a88990cb225c8574c9e73ba796915c7eb14c54520
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Quasar-master/Quasar.Client/Config/Settings.cs
- Size
  
  4KB
- MD5
  
  553758366e383a1e6697185b469ca4b1
- SHA1
  
  23ef99fa39611ad797e1e9655fbe5b6e66d2fa78
- SHA256
  
  09ab44077df904265351d46b92ac47f55f907531952cbd7a3aff19a699ae2ffe
- SHA512
  
  89c832a919bd5412a8e85f4e41836d44d5dc1c2374a31257b0ccd75245ab23bf3b23377575816129c9234c44837c1fe9f37f19bfe214cec1452e165960d02bbf
- SSDEEP
  
  96:ejPXnKg8I9T0URE2h9AUR1Ri/kzDFS8jRh5YyL:ET0UxAUWkzDBRh5YyL
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  Quasar-master/Quasar.Client/Extensions/ProcessExtensions.cs
- Size
  
  521B
- MD5
  
  4591d800351086c4b7de6d1ee2ab6065
- SHA1
  
  3569b108bef6c1a2a624f0efd9a52c4a42ffd3e0
- SHA256
  
  603dd7b6d17713b58a3411fa6e0be0831bb15f3916abe23af3b8f0b04dd1e031
- SHA512
  
  fc2c8c5ce7ef631f16b2060a880b60a2381abdfd8c94b2a9700dd82f6d79cd89180aca84c460f7efdc52a37026a284f580510a2a5771915434656887101c7c67
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Quasar-master/Quasar.Client/Helper/DateTimeHelper.cs
- Size
  
  607B
- MD5
  
  e0e312c64be6c3646169ba1e52d7811c
- SHA1
  
  3a7995206b1f5315ab839bb2feac6c4b9b123be4
- SHA256
  
  8cc182f910264b0a84ce73bc2abf892946b77f7191e102910db52d91244bf76f
- SHA512
  
  e720eaeb51bc678044c6fe1a0f939a446c51231505e23a38a8ecfe1f417e36d236cea38be27b05abb6654ccff83a3fa18c7f5d6d91d8ba77c3f831354697cd89
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  Quasar-master/Quasar.Client/Helper/JsonHelper.cs
- Size
  
  1KB
- MD5
  
  d87d740425f128eaad85cb375363721e
- SHA1
  
  8b3add23e9992b7febb664ab4075a6de5b671024
- SHA256
  
  0149197a7b46e5b8a5f5982e3b88adb71ce278e14e04162485addb48e9a9c2af
- SHA512
  
  9b687c41a6ffbb1445d71f536efb119511d0dd3147050dd7ae2b6e8a9ef79ac62d5ad3400e0b6983ccad52dc676205ba3bea61e67fc9554cce1e8cb7261b1e9e
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  Quasar-master/Quasar.Client/Helper/NativeMethodsHelper.cs
- Size
  
  6KB
- MD5
  
  f1dd79d4ea351b0d2dac0bd3bc4da141
- SHA1
  
  36e9c63b50794adf4786e2851e59f5aee8f5735c
- SHA256
  
  12626cc993212de537d8b7b1eb6044a1a571f45ac4ae1ad04263bcab1ad8923c
- SHA512
  
  7387707ecda6ee19cd88513885c9fb36ed24df5b648b288ea4b975a98bcca71b9bf7c79ca6edf2b39500eb9613eb226f7ed3d4c4dd3ac7ab73e95faf02914cab
- SSDEEP
  
  192:I2CT2iSFsiSqQyy5iSLNfRiSt6DpZUf6BNWL:I2VSBRTyo
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Quasar-master/Quasar.Client/Helper/RegistryKeyHelper.cs
- Size
  
  5KB
- MD5
  
  279d23af70779e96f36405198621b26c
- SHA1
  
  570d3a80c7a07b12a44f0a5c462ac68eaafa0873
- SHA256
  
  ee71bea467e6d4299822f8b895e604fed62ebc4c46aa00891d5f70c7e7520a84
- SHA512
  
  6e16c438f2b294a5a79ea98315a455bc5f26ef16acead24e3a2d737bcc55d72bb5ebe1c580430a9651b13a71598c32982e3f6a8e7c50359b8323ee071b835a21
- SSDEEP
  
  96:Jj4Y27vnSvv98758CYov93mbbUov9V0ApCY+osao/ezHwSeYNL:iF7ml8758CYolWbbUolVTpCY+os9A1f5
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Quasar-master/Quasar.Client/Helper/SystemHelper.cs
- Size
  
  3KB
- MD5
  
  c568f23c8c53ab05b8cc61447ad209f4
- SHA1
  
  c48dd99ecc04d9e9768886ff91202755a745f2ea
- SHA256
  
  cfece2a2beef3456ad97be7d5c6299a7764c4f7dfcee670018beeb43e9cef66b
- SHA512
  
  30e84458f7bdc0ea5e94a447a61116ad521290a1a59ab1e2650cd9f13f11a0166433255d69dcae73a3d8402d00e43fd999601d1b0ffe12edb4ab269d678ed3d7
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Quasar-master/Quasar.Client/IO/Shell.cs
- Size
  
  10KB
- MD5
  
  8d17ff70f42d9bde3558a059c7f8b542
- SHA1
  
  c4d9547f6b75545d48153cfbc98b7e6577b83e02
- SHA256
  
  c6622912c2a9c00b81f8568f37fae90a529a0442c644dcc839bf648b56c2e710
- SHA512
  
  f276fa7ea6351f796a3ee18315f79405d307a832ab4e5c6a4fe6fc6c33055db14b5e2a1ee436554fbffbf67ff61c4fcece8cfdb186c9fb21173f139ca63e194c
- SSDEEP
  
  192:NSm0jVxxYGPq0jjrvH9QWfZXSCg+sfHwCQ2pSCg+sfHwCVpwUdneL1VwRyL:NSmELxYcFvj8PQPnptJ+9
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Quasar-master/Quasar.Client/IpGeoLocation/GeoInformationFactory.cs
- Size
  
  1KB
- MD5
  
  fd32a1994ffd87c988ed250ca7a1db0f
- SHA1
  
  aff26da4e0b873cd6d7d489f7cef7792e4e3a853
- SHA256
  
  dfbbd6f8e01766444641489a6e6ce89932278eb9a6b7caeb1fba6f540b29dbd5
- SHA512
  
  550cc4e176e6b44a794409108c9e1df2808d6142f5bd278e4e4c0134ace8d59007a750d33a80259b8d3fe995bee983d7b3c78566014a84edc0b8dbb81c4e839b
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Quasar-master/Quasar.Client/IpGeoLocation/GeoInformationRetriever.cs
- Size
  
  6KB
- MD5
  
  0f78de16a74715418d5a77e0b226d8a6
- SHA1
  
  c4dfe2545dd5be0a48a361cdabb6e165ad6b34ae
- SHA256
  
  925dc40c33378b38763fd283e782bab48df5dbf40ba718e7f1e6592d26e10e32
- SHA512
  
  62cb9f8d046a747ea16773456339a4585ee5e1e8cd912b720b9951c1eb98d62e544b74544588ef010658571c837798120d1fc81ec8ef8c15be0d3debe51845ec
- SSDEEP
  
  96:xeP1pN7kDHjPHxCDJGsF3EyoLC7jOSUVQHxTv8QCJhZPAnktQQSCUFCzJPqUQdvc:gWPRC153EICJ8kmQSCUO4UXk2wiSCXL
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Quasar-master/Quasar.Client/Logging/Keylogger.cs
- Size
  
  13KB
- MD5
  
  a1e73421d6c58f190fecc12372fdf53c
- SHA1
  
  a7912e8520d14ef325d952652ce656890d075a4b
- SHA256
  
  7e66a0c6c8585ac877173fca17f5511ba44ab2f30a87ec12b18bedf3e3b7bde2
- SHA512
  
  e73c59ef9e04508a71677ff3bdeb8692e918b5dfd10fc5b7832f8d16d593b33d004f679b5f886fc194380ee7c8038cd3e4f3909ceba094c04b9e33ac79bbdd1b
- SSDEEP
  
  192:kKKzwH+GmECAeCuqYQA8Yp4m/1NC6RBPG/jL:kjIQ1Tmf
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Quasar-master/Quasar.Client/Messages/ClientServicesHandler.cs
- Size
  
  3KB
- MD5
  
  3893f440ead8e4792bbe5e8fefcb5b21
- SHA1
  
  2e0a6870889a177d743c1fe1e2e65f2df229459e
- SHA256
  
  6071d5096beaeedeb0b56acf00281a0e99470eb7051555a90e6bf5f19d692727
- SHA512
  
  15db270a8f2e8d1b446613ab1b3fe8aed238354393f132f26c6ef8c90f65ea2efe18357ec93d18248b2a11c75eea85c49f10d767e9646b44b19db847330e7d2d
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Quasar-master/Quasar.Client/Messages/FileManagerHandler.cs
- Size
  
  16KB
- MD5
  
  a9a9bb1f1298a10841ea06444f62033f
- SHA1
  
  0e40dd917d947fdc0a828a1605c4a20831d0c361
- SHA256
  
  75ee00bd5381383894bc84ae2baa18c6f71664344ef62fd9fa9aac0480422752
- SHA512
  
  c5016172698fcf4646314593aab0d9cb82cac5c491a654d9f8413e200ecdcf974552dd528938fb1e7a93b5590b8d78a01a30325b9be1dfbe3e6856f0008c7b7d
- SSDEEP
  
  192:u9RaSFhNBJfuh84YyIqtXZ/QQ3cRPr4d2duk4HnJTGqvq5J7ViSwU3kVk31J+vSV:QgSFlA3IcXmqvq5Jt31gYV8k
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Quasar-master/Quasar.Client/Messages/PasswordRecoveryHandler.cs
- Size
  
  1KB
- MD5
  
  54c5050155cee2f84911cedc4253f4e2
- SHA1
  
  5dd2e2e3c0f291fdbb50571b338e4a253989a3f8
- SHA256
  
  7e78751e91fd8db8291a5285230116954f7daebfa87bb695d6712c24fb01a8df
- SHA512
  
  28a98c4b5033ef0797a86cc42cf4ad72da77f83b9f875ef8c7c82876df3c248eaee6e719eca726700849dc5dbbde0515cf58ba446a6651426efcf05764ea9493
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Quasar-master/Quasar.Client/Messages/RegistryHandler.cs
- Size
  
  8KB
- MD5
  
  768502762b86d255ae818dc0948decc8
- SHA1
  
  76a9c1bb779b53a0a727b68b9f849743141829c9
- SHA256
  
  10c09ff628d8099399905c6f8de6cbf7a80806c669109b2aa54219ee43d56f7c
- SHA512
  
  c14fdbb8db0f4c003c2c9d2ae35aa2dca24098475842fe11737d130be3bd2aa226d467952e48aa16697278ba76e25f0391ba252a73b4c6b3cd361357d76c4371
- SSDEEP
  
  192:nC3MTX+tW03do3BP+3S2RCv+3jbXoyb3us1fpU3kOTL:nn1Htvsb4yys1fVW
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32