quasar | b9e40ddacf304c8bca72e85f6874c5c0a6faf805546fddbf715be13d83075b05 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250209-xg45kazkfz
MD5

7a02a595b7bd1078ffc896e35cb32a01
SHA1

4196a3ad1b599fba5fe93283dae0de4fe04cb5b7
SHA256

b9e40ddacf304c8bca72e85f6874c5c0a6faf805546fddbf715be13d83075b05
SHA512

05155aab2585b35793d5fc1fd2beda2457ed70f7fc37551ff6dddb222005ca08c4008a3f352cf6cb85658eca8e510d50af07e3eaee1b8da37ccd15eb45c42eb1
SSDEEP

49152:uv8hBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkas+YNjhtooGdoTHHB72eh2NT:uv2t2d5aKCuVPzlEmVQ0wvwfs+Yy

Score

10^/10

quasar microsoft support discovery spyware trojan

Static task

static1

microsoft support quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20241010-en

quasar microsoft support spyware trojan

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20250207-en

quasar microsoft support discovery spyware trojan

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Microsoft Support

C2

147.185.221.25:57276

172.20.10.2:57276

Mutex

a4de83b9-ee43-4481-a07e-43005040ecb1

Attributes

encryption_key
208881ED62CAC7B5AB660B49C4B307B67863D844
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Microsoft Support
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  7a02a595b7bd1078ffc896e35cb32a01
- SHA1
  
  4196a3ad1b599fba5fe93283dae0de4fe04cb5b7
- SHA256
  
  b9e40ddacf304c8bca72e85f6874c5c0a6faf805546fddbf715be13d83075b05
- SHA512
  
  05155aab2585b35793d5fc1fd2beda2457ed70f7fc37551ff6dddb222005ca08c4008a3f352cf6cb85658eca8e510d50af07e3eaee1b8da37ccd15eb45c42eb1
- SSDEEP
  
  49152:uv8hBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkas+YNjhtooGdoTHHB72eh2NT:uv2t2d5aKCuVPzlEmVQ0wvwfs+Yy
Score

10^/10

quasar microsoft support spyware trojan discovery
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

microsoft supportquasar

behavioral1

quasarmicrosoft supportspywaretrojan

behavioral2

quasarmicrosoft supportdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy