quasar | 3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b | Triage

Submit
Reports

Overview

overview

Static

static

BlitzedGrabberv12.exe

windows10-ltsc 2021-x64

BlitzedGrabberv12.exe

windows11-21h2-x64

Sharing

General

Target

BlitzedGrabberv12.exe
Size

2.6MB
Sample

250204-bxg43ssken
MD5

077d284a18b1b27ce1b060f2fb181f51
SHA1

ed1ab2f545948d464cb01cb91c70fbb15a7b5dc5
SHA256

3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b
SHA512

3dc6e525e0cdb738084d1150230ae0389cd9f82c27e416ea2a334831013c124964f5cfbcf96911b15eb965e2dd8f7b5dbaec62966a7d3316c921359f2173cda2
SSDEEP

49152:S3mAznU4n9t2ELj18p4BDifoM83ig9Apl14yGMde+4c5coSskn:SQ49wi73fWc+dL4c5cZn

Score

10^/10

quasar blitzed discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

BlitzedGrabberv12.exe

Resource

win10ltsc2021-20250128-en

quasar blitzed discovery spyware trojan

windows10-ltsc 2021-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

BlitzedGrabberv12.exe

Resource

win11-20241023-en

quasar blitzed discovery spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Blitzed

C2

37.19.210.35:57736

Mutex

Blitzed_MUTEX_MV3expVHRYMXXFRcx7

Attributes

encryption_key
hNyQQlS3eTiBt1nViS6y
install_name
Microsoft Host Sercurity.exe
log_directory
Keys
reconnect_delay
3000
startup_key
Windows Security Notification
subdirectory
SubDir

Targets

- Target
  
  BlitzedGrabberv12.exe
- Size
  
  2.6MB
- MD5
  
  077d284a18b1b27ce1b060f2fb181f51
- SHA1
  
  ed1ab2f545948d464cb01cb91c70fbb15a7b5dc5
- SHA256
  
  3b799ee29671b1b68432091b967388e438861c4046fca8f7091c76ea921bd57b
- SHA512
  
  3dc6e525e0cdb738084d1150230ae0389cd9f82c27e416ea2a334831013c124964f5cfbcf96911b15eb965e2dd8f7b5dbaec62966a7d3316c921359f2173cda2
- SSDEEP
  
  49152:S3mAznU4n9t2ELj18p4BDifoM83ig9Apl14yGMde+4c5coSskn:SQ49wi73fWc+dL4c5cZn
Score

10^/10

quasar blitzed discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarblitzeddiscoveryspywaretrojan

behavioral2

quasarblitzeddiscoveryspywaretrojan

© 2018-2025

Terms | Privacy