quasar | ac562299cd216585d58cab4c435c1578f3e451820a4c0feb2d902d0662645446 | Triage

Submit
Reports

Overview

overview

Static

static

3

payload_1_sxr.exe

windows7-x64

payload_1_sxr.exe

windows10-2004-x64

Sharing

General

Target

payload_1_sxr.exe
Size

10.3MB
Sample

250204-zzp5gasmgt
MD5

a0986241fcfed849a9d1dce2466840de
SHA1

6e47f0378ab7c921b3c04d29aae5de1415d1aaf8
SHA256

ac562299cd216585d58cab4c435c1578f3e451820a4c0feb2d902d0662645446
SHA512

8e192128a7be9b6b0857a3eca1a479ed28eaae2943ae1803fdd4b523c57e106f089c6b04cfe318a757171a3e52a603d91d395f94adbf9d5d5f300b3d91311ca4
SSDEEP

49152:sKxzaVKJayp/GrDlGcfk/5ZRuUtNUDrTRaDqeF5gLRyoKq6XBkim7fEM27cIgpvW:sKxzcK

Score

10^/10

quasar seroxen v2.2.2 | nugeta defense_evasion discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

payload_1_sxr.exe

Resource

win7-20241010-en

seroxen defense_evasion trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

payload_1_sxr.exe

Resource

win10v2004-20250129-en

quasar seroxen v2.2.2 | nugeta defense_evasion discovery spyware trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v2.2.2 | NuGeta

C2

igboat.com:1167

Mutex

6a5dd02b-c4c3-4c95-8718-d851c4c1b042

Attributes

encryption_key
9DE783214A7E1A7FD46C38C81B5C15C4E297596E
install_name
.exe
log_directory
$sxr-Logs
reconnect_delay
3000

Targets

- Target
  
  payload_1_sxr.exe
- Size
  
  10.3MB
- MD5
  
  a0986241fcfed849a9d1dce2466840de
- SHA1
  
  6e47f0378ab7c921b3c04d29aae5de1415d1aaf8
- SHA256
  
  ac562299cd216585d58cab4c435c1578f3e451820a4c0feb2d902d0662645446
- SHA512
  
  8e192128a7be9b6b0857a3eca1a479ed28eaae2943ae1803fdd4b523c57e106f089c6b04cfe318a757171a3e52a603d91d395f94adbf9d5d5f300b3d91311ca4
- SSDEEP
  
  49152:sKxzaVKJayp/GrDlGcfk/5ZRuUtNUDrTRaDqeF5gLRyoKq6XBkim7fEM27cIgpvW:sKxzcK
Score

10^/10

seroxen defense_evasion trojan quasar v2.2.2 | nugeta discovery spyware
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Seroxen family
  seroxen
- Seroxen, Ser0xen
  Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.
  trojan seroxen
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Window

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

seroxendefense_evasiontrojan

behavioral2

quasarseroxenv2.2.2 | nugetadefense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy