quasar | 16146c8f8509d561fd958e0e449806e201c9b162038b39544d8ceefa4a17d460 | Triage

Sharing

General

Target

svchost.exe
Size

3.1MB
Sample

250208-mymlqssjbq
MD5

e37749aa169a0e99033fcbb2a115690b
SHA1

ec10e98852491d8312c7d575755b4ddb63799170
SHA256

16146c8f8509d561fd958e0e449806e201c9b162038b39544d8ceefa4a17d460
SHA512

f7301d801a8559bf75365d19ee83112ebedbbd6c17e45e4ef6c67a5b5636945bb4d28b6c3340549dc8a113c7aadb82ac809dc27c07eb72f864871986bef240ec
SSDEEP

49152:fv+lL26AaNeWgPhlmVqvMQ7XSK2lRJ6cbR3LoGdoTHHB72eh2NT:fvuL26AaNeWgPhlmVqkQ7XSK2lRJ6m

Score

10^/10

quasar svchost discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

svchost

C2

192.168.150.128:443

Mutex

8c51cc91-2010-4f25-b0cb-831824902ce5

Attributes

encryption_key
AD57652772C12EC255BB6DF4385E6327DCCF50D6
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Realtek HD Audio Universal Service
subdirectory
SubDir

Targets

- Target
  
  svchost.exe
- Size
  
  3.1MB
- MD5
  
  e37749aa169a0e99033fcbb2a115690b
- SHA1
  
  ec10e98852491d8312c7d575755b4ddb63799170
- SHA256
  
  16146c8f8509d561fd958e0e449806e201c9b162038b39544d8ceefa4a17d460
- SHA512
  
  f7301d801a8559bf75365d19ee83112ebedbbd6c17e45e4ef6c67a5b5636945bb4d28b6c3340549dc8a113c7aadb82ac809dc27c07eb72f864871986bef240ec
- SSDEEP
  
  49152:fv+lL26AaNeWgPhlmVqvMQ7XSK2lRJ6cbR3LoGdoTHHB72eh2NT:fvuL26AaNeWgPhlmVqkQ7XSK2lRJ6m
Score

10^/10

quasar svchost discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarsvchostdiscoveryspywaretrojan