quasar | 72209f1e92435b27f56db50ee9db7b82ebb11a6fb37ea5ade6cda13fc2c0d00c | Triage

Submit
Reports

Overview

overview

Static

static

3

Payment010225.exe

windows7-x64

Payment010225.exe

windows10-2004-x64

Sharing

General

Target

Payment010225.exe
Size

951KB
Sample

250203-p5bh6atkcm
MD5

b76d3e743d68ca1e3f04d641bfcc3ec7
SHA1

d2d4fea6920a1a737199ce0fcac7c44adb5d7bd8
SHA256

72209f1e92435b27f56db50ee9db7b82ebb11a6fb37ea5ade6cda13fc2c0d00c
SHA512

c1e29917358740c56e9c83a0a5e8ea48d368806a0b71b2a240df9f5568cb7dc0d7b18e2959fe5b40d4ada2733594b6c17e705f6181c3a38eeaa1efd0ab24558b
SSDEEP

24576:JPzFQtxBAb2JewjA/s5TqKnNiw0RALH0+XxryrSwg2J:1FC+2jpnNiRSXxqgM

Score

10^/10

quasar stroy discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment010225.exe

Resource

win7-20240903-en

quasar stroy discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment010225.exe

Resource

win10v2004-20250129-en

quasar stroy discovery spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Stroy

C2

109.248.151.166:61537

Mutex

QSR_MUTEX_uHD8seWaFzpqqYxRLX

Attributes

encryption_key
IR3AcRhjtuelpwNmTP7v
install_name
Updater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Update
subdirectory
Windows

Targets

- Target
  
  Payment010225.exe
- Size
  
  951KB
- MD5
  
  b76d3e743d68ca1e3f04d641bfcc3ec7
- SHA1
  
  d2d4fea6920a1a737199ce0fcac7c44adb5d7bd8
- SHA256
  
  72209f1e92435b27f56db50ee9db7b82ebb11a6fb37ea5ade6cda13fc2c0d00c
- SHA512
  
  c1e29917358740c56e9c83a0a5e8ea48d368806a0b71b2a240df9f5568cb7dc0d7b18e2959fe5b40d4ada2733594b6c17e705f6181c3a38eeaa1efd0ab24558b
- SSDEEP
  
  24576:JPzFQtxBAb2JewjA/s5TqKnNiw0RALH0+XxryrSwg2J:1FC+2jpnNiRSXxqgM
Score

10^/10

quasar stroy discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarstroydiscoveryspywaretrojan

behavioral2

quasarstroydiscoveryspywaretrojan

© 2018-2025

Terms | Privacy