quasar | 913818cbb566744d97334e44051152cba76e7f51e0ca0d54ea3d401e304480a3 | Triage

Submit
Reports

Overview

overview

Static

static

Windows-De...ty.exe

windows7-x64

Windows-De...ty.exe

windows10-2004-x64

Sharing

General

Target

Windows-Defender-Secuirty.exe
Size

3.2MB
Sample

250205-py2f1awqdv
MD5

9ba5115936784f8cb9ac69bd61736c55
SHA1

dac63ba8cc947740f97d83d734eb6010a67e983c
SHA256

913818cbb566744d97334e44051152cba76e7f51e0ca0d54ea3d401e304480a3
SHA512

9628b5787262619bf752e66bbefd668ffde71036beb8672b4ec35c0cea5d37ce2b181e3a2c7ca56bacab4752516174ee72b917954d4dfe5790fe986da9b79d22
SSDEEP

49152:4vElL26AaNeWgPhlmVqvMQ7XSK4MR16tbR3NoGdq6THHB72eh2NT:4vkL26AaNeWgPhlmVqkQ7XSK4MR16Z

Score

10^/10

quasar minecraft discovery spyware trojan

Static task

static1

minecraft quasar

3 signatures

Behavioral task

behavioral1

Sample

Windows-Defender-Secuirty.exe

Resource

win7-20240903-en

quasar minecraft spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Windows-Defender-Secuirty.exe

Resource

win10v2004-20250129-en

quasar minecraft discovery spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Minecraft

C2

193.161.193.99:31740

Mutex

7424fadc-becc-4b4c-bea3-27b51a34ad76

Attributes

encryption_key
69C432FEA7A429312DD8D56BD03E551FF7516129
install_name
SecurityHealthManager.exe
log_directory
lom
reconnect_delay
3000
startup_key
SecurityHealthManager
subdirectory
Health

Targets

- Target
  
  Windows-Defender-Secuirty.exe
- Size
  
  3.2MB
- MD5
  
  9ba5115936784f8cb9ac69bd61736c55
- SHA1
  
  dac63ba8cc947740f97d83d734eb6010a67e983c
- SHA256
  
  913818cbb566744d97334e44051152cba76e7f51e0ca0d54ea3d401e304480a3
- SHA512
  
  9628b5787262619bf752e66bbefd668ffde71036beb8672b4ec35c0cea5d37ce2b181e3a2c7ca56bacab4752516174ee72b917954d4dfe5790fe986da9b79d22
- SSDEEP
  
  49152:4vElL26AaNeWgPhlmVqvMQ7XSK4MR16tbR3NoGdq6THHB72eh2NT:4vkL26AaNeWgPhlmVqkQ7XSK4MR16Z
Score

10^/10

quasar minecraft spyware trojan discovery
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

minecraftquasar

behavioral1

quasarminecraftspywaretrojan

behavioral2

quasarminecraftdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy