quasar | 22d6bb99b130d4ca4ffd7fdb8e1f2660e4bd70a0713ba7cebd0913be4fcd0056 | Triage

Sharing

General

Target

updater.exe
Size

3.3MB
Sample

250204-nh5ytawpdm
MD5

247782c8f55790643a8f71e87915f85d
SHA1

610f1c71c85d5a47fa9e7495dbe7131f194670a3
SHA256

22d6bb99b130d4ca4ffd7fdb8e1f2660e4bd70a0713ba7cebd0913be4fcd0056
SHA512

a3b930ed7fb32e7868aee766d2f4e8dad48714df4aed98ac9fa460265f000f4607bb157f196dd85bd907346b342b6f96fa0969e321b88131dc797a25632cc9bd
SSDEEP

98304:6v462XlaSFNWPjljiFXRoUYIr/RJ60Wrv:MwZYSBW

Score

10^/10

quasar updater spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

updater

C2

84.234.19.36:4782

Mutex

bba70724-e63f-429e-a6db-7272aa6f32e1

Attributes

encryption_key
ECC9828BB5C1CB8A0FE0D993AC8183DEA61ACBBC
install_name
updater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Updater
subdirectory
Update_29012025

Targets

- Target
  
  updater.exe
- Size
  
  3.3MB
- MD5
  
  247782c8f55790643a8f71e87915f85d
- SHA1
  
  610f1c71c85d5a47fa9e7495dbe7131f194670a3
- SHA256
  
  22d6bb99b130d4ca4ffd7fdb8e1f2660e4bd70a0713ba7cebd0913be4fcd0056
- SHA512
  
  a3b930ed7fb32e7868aee766d2f4e8dad48714df4aed98ac9fa460265f000f4607bb157f196dd85bd907346b342b6f96fa0969e321b88131dc797a25632cc9bd
- SSDEEP
  
  98304:6v462XlaSFNWPjljiFXRoUYIr/RJ60Wrv:MwZYSBW
Score

10^/10

quasar updater spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarupdaterspywaretrojan

behavioral2

quasarupdaterspywaretrojan