Overview

overview

10

Static

static

1

test.txt

windows11-21h2-x64

Resubmissions

03-02-2025 15:32

250203-symvdswrdq 10

03-02-2025 14:58

250203-sclp7stqhw 7

03-02-2025 13:24

250203-qnnmtstpgm 8

03-02-2025 13:20

250203-qk4vmsskax 7

03-02-2025 12:30

250203-ppwt6asqcn 10

02-02-2025 19:42

250202-yeqd3axrdr 8

02-02-2025 19:41

250202-yej72sxrdk 3

02-02-2025 15:25

250202-stqeqazkbj 7

02-02-2025 15:25

250202-stl3aszkap 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    test.txt

  • Size

    18B

  • Sample

    250201-qezczavrgj

  • MD5

    5b3f97d48c8751bd031b7ea53545bdb6

  • SHA1

    88be3374c62f23406ec83bb11279f8423bd3f88d

  • SHA256

    d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

  • SHA512

    ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score
10/10
quasarremote controlmicrosoftdiscoveryphishingspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Remote Control

C2

10.127.0.81:4782

Mutex

3d3d19ab-0951-4925-8c6f-5a5936283911

Attributes
  • encryption_key

    1E446D242DFD1A0574963B03CE598C31EAFB3750

  • install_name

    WindowSvcManager.exe

  • log_directory

    ServiceManagerLogs

  • reconnect_delay

    3000

  • startup_key

    WindowsSvcManager

  • subdirectory

    WindowsSvcManager

Targets

    • Target

      test.txt

    • Size

      18B

    • MD5

      5b3f97d48c8751bd031b7ea53545bdb6

    • SHA1

      88be3374c62f23406ec83bb11279f8423bd3f88d

    • SHA256

      d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

    • SHA512

      ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

    Score
    10/10
    quasarremote controlmicrosoftdiscoveryphishingspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand MICROSOFT.

      phishingmicrosoft

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks