quasar | a7e21c512d3e8cac3390c6867663375ca2b7bd36619fe00445147e0696174da5 | Triage

Sharing

General

Target

Payment010225.rar
Size

848KB
Sample

250203-r1dttsvrhl
MD5

b009c932798e83ce65d8c60a6b573b61
SHA1

b8788ec9e90f766b28a3f760656f17fd264968c4
SHA256

a7e21c512d3e8cac3390c6867663375ca2b7bd36619fe00445147e0696174da5
SHA512

0cdce3fa4ba1a5c9fc480d884b197949c3d0f479137b431111595d8f32739080eaf3d00be0beab0112d5a433a56e3cc46b7e2fc72ae87d208ab7d2aa63873511
SSDEEP

24576:LUA5YJ7MiSlTrWDeWHGHuR18285QxpborfrmN:424oimCuHuvr85ypbQa

Score

10^/10

quasar stroy discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Stroy

C2

109.248.151.166:61537

Mutex

QSR_MUTEX_uHD8seWaFzpqqYxRLX

Attributes

encryption_key
IR3AcRhjtuelpwNmTP7v
install_name
Updater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Update
subdirectory
Windows

Targets

- Target
  
  Payment010225.exe
- Size
  
  951KB
- MD5
  
  b76d3e743d68ca1e3f04d641bfcc3ec7
- SHA1
  
  d2d4fea6920a1a737199ce0fcac7c44adb5d7bd8
- SHA256
  
  72209f1e92435b27f56db50ee9db7b82ebb11a6fb37ea5ade6cda13fc2c0d00c
- SHA512
  
  c1e29917358740c56e9c83a0a5e8ea48d368806a0b71b2a240df9f5568cb7dc0d7b18e2959fe5b40d4ada2733594b6c17e705f6181c3a38eeaa1efd0ab24558b
- SSDEEP
  
  24576:JPzFQtxBAb2JewjA/s5TqKnNiw0RALH0+XxryrSwg2J:1FC+2jpnNiRSXxqgM
Score

10^/10

discovery quasar stroy spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarstroydiscoveryspywaretrojan