quasar | f8431dd48bff13d43e84636a28c6f718f94c3fbaabfdc4505ba1c49390410dd0 | Triage

Submit
Reports

Overview

overview

Static

static

3

payload_1.exe

windows7-x64

payload_1.exe

windows10-2004-x64

Sharing

General

Target

payload_1.exe
Size

10.3MB
Sample

250204-x3asvaxrhz
MD5

193c0f25237bf72feba33c0ac094633f
SHA1

49d04b78ac3abed78f63f2a417aaaa3b2df015d0
SHA256

f8431dd48bff13d43e84636a28c6f718f94c3fbaabfdc4505ba1c49390410dd0
SHA512

f876fe18aa868e6b5fcca10e8def67f65be948283234c09cce5ab87938b1e797567498f6cc30ce7cd9bff3dd31a98a382bd950e1d49e1d782cce667516e62dd8
SSDEEP

49152:AHZtA2qbxwSAKPbSZ8ncZSgiGrgXfaZAfCjCQquQplaoMc30D8zyYEF2SSmbUsr+:A54

Score

10^/10

quasar seroxen v2.2.5 | seroxen defense_evasion discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

payload_1.exe

Resource

win7-20240903-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

payload_1.exe

Resource

win10v2004-20250129-en

quasar seroxen v2.2.5 | seroxen defense_evasion discovery spyware trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v2.2.5 | SeroXen

C2

kimsoylak.ddns.net:4782

Mutex

2cc9d61f-950d-4f23-b7d5-45d9dda2f256

Attributes

encryption_key
F467D794B2E1081B6AD1EAD5813AFA74F053248D
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
1

Targets

- Target
  
  payload_1.exe
- Size
  
  10.3MB
- MD5
  
  193c0f25237bf72feba33c0ac094633f
- SHA1
  
  49d04b78ac3abed78f63f2a417aaaa3b2df015d0
- SHA256
  
  f8431dd48bff13d43e84636a28c6f718f94c3fbaabfdc4505ba1c49390410dd0
- SHA512
  
  f876fe18aa868e6b5fcca10e8def67f65be948283234c09cce5ab87938b1e797567498f6cc30ce7cd9bff3dd31a98a382bd950e1d49e1d782cce667516e62dd8
- SSDEEP
  
  49152:AHZtA2qbxwSAKPbSZ8ncZSgiGrgXfaZAfCjCQquQplaoMc30D8zyYEF2SSmbUsr+:A54
Score

10^/10

seroxen trojan quasar v2.2.5 | seroxen defense_evasion discovery spyware
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Seroxen family
  seroxen
- Seroxen, Ser0xen
  Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.
  trojan seroxen
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Window

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasarseroxenv2.2.5 | seroxendefense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy