General
-
Target
startup_str_232.bat
-
Size
1.8MB
-
Sample
250211-nghrwswnam
-
MD5
d7c48a5173ca5bc25644c9799109c835
-
SHA1
8845470e96cf21d7ff11961d3dd370787960dc22
-
SHA256
39b6ba1d146867517cb7772b4a9665bf9139319dcb9e01ebb584ddab9daf54a8
-
SHA512
e6a9e4d84ae1609ce511ba346faac33023e5ed3217a5c082be69ef18378ae3498153659aeeb506d2100c696cb50d329e6c2c24d4233c2b1f9442a5c59293a939
-
SSDEEP
24576:va3qjALWb5fJ3LTbHrDt9uwqPffkE8s706cW4DNTfWihRFxwVyU6fmD7+P+XbCBe:y6ALi5fdLT1qPHlovRciV+VLkrWy4hx
Malware Config
Extracted
quasar
1.0.0
Office04
127.0.0.1:4782
504956fd-d532-425c-9e82-cbe7902cf377
-
encryption_key
B8B9B325A830EF659FA4EC42DB8AA956BB46428A
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
startup_str_232.bat
-
Size
1.8MB
-
MD5
d7c48a5173ca5bc25644c9799109c835
-
SHA1
8845470e96cf21d7ff11961d3dd370787960dc22
-
SHA256
39b6ba1d146867517cb7772b4a9665bf9139319dcb9e01ebb584ddab9daf54a8
-
SHA512
e6a9e4d84ae1609ce511ba346faac33023e5ed3217a5c082be69ef18378ae3498153659aeeb506d2100c696cb50d329e6c2c24d4233c2b1f9442a5c59293a939
-
SSDEEP
24576:va3qjALWb5fJ3LTbHrDt9uwqPffkE8s706cW4DNTfWihRFxwVyU6fmD7+P+XbCBe:y6ALi5fdLT1qPHlovRciV+VLkrWy4hx
Score10/10-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-