quasar | 43d6050cb107bbb3cc4023eb2f735e54b072759f08182098ef612474f028e68a | Triage

Submit
Reports

Overview

overview

Static

static

3

burpsuite.exe

windows10-2004-x64

Sharing

General

Target

burpsuite.exe
Size

208.5MB
Sample

250201-btm6xs1jh1
MD5

c620d52e37416cb660c9fdbc12b79620
SHA1

c85d5a9b869c2dca927a2304f42f0c59a0943f85
SHA256

43d6050cb107bbb3cc4023eb2f735e54b072759f08182098ef612474f028e68a
SHA512

02e1ac86231815e5f476d8ce32dcf6e6dbab5618c835f4c27ab053d05730b8f56be9216c88ab1748b1d910c3ae9f79ea626c275b2860d56a7d65712ba4970406
SSDEEP

6291456:xh3YtmOWCkh3PjGl8bJcA8HKWEuxp5HT:fYtmO6tPKMJUqWEuxv

Score

10^/10

quasar loomis3 discovery persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

burpsuite.exe

Resource

win10v2004-20250129-en

quasar loomis3 discovery persistence spyware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

loomis3

C2

hapansystem.hopto.org:4444

Mutex

QSR_MUTEX_0KwxSTm0dkBBRBLDt0

Attributes

encryption_key
s5qjX0nnX6JZYjQaaEO1
install_name
svhostt.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svhostt
subdirectory
SubDir

Targets

- Target
  
  burpsuite.exe
- Size
  
  208.5MB
- MD5
  
  c620d52e37416cb660c9fdbc12b79620
- SHA1
  
  c85d5a9b869c2dca927a2304f42f0c59a0943f85
- SHA256
  
  43d6050cb107bbb3cc4023eb2f735e54b072759f08182098ef612474f028e68a
- SHA512
  
  02e1ac86231815e5f476d8ce32dcf6e6dbab5618c835f4c27ab053d05730b8f56be9216c88ab1748b1d910c3ae9f79ea626c275b2860d56a7d65712ba4970406
- SSDEEP
  
  6291456:xh3YtmOWCkh3PjGl8bJcA8HKWEuxp5HT:fYtmO6tPKMJUqWEuxv
Score

10^/10

quasar loomis3 discovery persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarloomis3discoverypersistencespywaretrojan

© 2018-2025

Terms | Privacy