quasar | 21c86774603b796062a9eea7f3b109455de083e08dc7f2c91cf17b49796e1e9d | Triage

Submit
Reports

Overview

overview

Static

static

3

ExitLag/Ex...64.exe

windows7-x64

3

ExitLag/Ex...64.exe

windows10-2004-x64

Sharing

General

Target

ExitLag.rar
Size

1.3MB
Sample

250201-x8mdtsylcq
MD5

367a557eb37b66fcdd1e2bf660f4179e
SHA1

5c40c30b687e7a17debf81f632117f27445e0cb2
SHA256

21c86774603b796062a9eea7f3b109455de083e08dc7f2c91cf17b49796e1e9d
SHA512

9c2eb69b93ea437a8fe244708505ba5d4c9b8eca91b18227becfe860a2c1e9d40a858be07849ce51f31e64e8121b63dda449209041766d9fdc35fa8076dcca4b
SSDEEP

24576:PmyM9FpbN2YmXfNyHAGer9U/NOq/kyubR5s+AwJMLc/Tx3jcoZLq8Aec/DLsHh64:Pl8TOXfUFenMkJbR+GUQxjcgO/DLsHhp

Score

10^/10

quasar exitlag discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ExitLag/ExitLag/SetupExitLag-5.11.3-x64.exe

Resource

win7-20241010-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

ExitLag/ExitLag/SetupExitLag-5.11.3-x64.exe

Resource

win10v2004-20250129-en

quasar exitlag discovery spyware trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ExitLag

C2

SigmaDM420-46661.portmap.host:46661

Mutex

fe774c0e-778c-4779-a984-24ecd4d23c8a

Attributes

encryption_key
EA7DE9E3D9AA87430367EB4DC49C64AB55F256E1
install_name
ExitLag.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ExitLag
subdirectory
ExitLag

Targets

- Target
  
  ExitLag/ExitLag/SetupExitLag-5.11.3-x64.exe
- Size
  
  1.9MB
- MD5
  
  a2740a92c172999364a2e14640c2282d
- SHA1
  
  36e463f16266396d1dd96fb1b48e531abc487931
- SHA256
  
  81b428f9b0e1c92d70c2182ef60139d5508d350e74de60c1448b82740bfd1f46
- SHA512
  
  3b1fcc91f22fcdf26cc5f28cbad0683d4f1d8b39f1b82653af7837eb3f20e690df903eaccdf116b23c3f53baa345698f3f2288e679d48f66012c4fc99a5df81a
- SSDEEP
  
  24576:MDLjcheV9PUNZoMe+wL8On+wKGi0JPrVI4ejXguTIC7utQsSP1IbQs8zilx26mX3:cJUxwFPrsguTVuiTP1dPzkM34y5tmMj
Score

10^/10

discovery quasar exitlag spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarexitlagdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy