quasar | ce54308e4ba6119f23d6e430e936d1f7dc5f8156c61003e05883c7adbf94e9d9 | Triage

Submit
Reports

Overview

overview

Static

static

3

Quote RFQ ...om.exe

windows7-x64

Quote RFQ ...om.exe

windows10-2004-x64

Sharing

General

Target

Quote RFQ #00926720250204.pdf(39kb).com.exe
Size

3.6MB
Sample

250211-v1mzaatqaq
MD5

07a4d2a1981e4159e744e3f0bb8d655f
SHA1

fe47d1646972e85667408a28d8db2f2c17b7a313
SHA256

ce54308e4ba6119f23d6e430e936d1f7dc5f8156c61003e05883c7adbf94e9d9
SHA512

b03cd73c43a0e6a536857b523fa5c96910bf8a73002bb4bd7b8315f951eb9e1f625e3e3804a31cec689b6d8a427df600547cf4becf8494c3c3397a2382a55a4e
SSDEEP

98304:6inq/fUlXQu4UB5uq8yPk4KVJgGSg/RSpSTddPTC:3q/fyD4UAlyfKV7Sg/QwTrP

Score

10^/10

quasar es code discovery spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Quote RFQ #00926720250204.pdf(39kb).com.exe

Resource

win7-20240729-en

quasar es code discovery spyware trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quote RFQ #00926720250204.pdf(39kb).com.exe

Resource

win10v2004-20250211-en

quasar es code discovery spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ES CODE

C2

twart.myfirewall.org:9792

rency.ydns.eu:5287

wqo9.firewall-gateway.de:8841

code1.ydns.eu:5287

wqo9.firewall-gateway.de:9792

Mutex

025351e291-5d1041-4fa37-932c7-8L69aeiQec514992

Attributes

encryption_key
3145298725BA5E0DD56E87FFE3F8898EA81E6EDA
install_name
Excelworkbook.exe
log_directory
Logs
reconnect_delay
6000
startup_key
pdfdocument
subdirectory
SubDir

Targets

- Target
  
  Quote RFQ #00926720250204.pdf(39kb).com.exe
- Size
  
  3.6MB
- MD5
  
  07a4d2a1981e4159e744e3f0bb8d655f
- SHA1
  
  fe47d1646972e85667408a28d8db2f2c17b7a313
- SHA256
  
  ce54308e4ba6119f23d6e430e936d1f7dc5f8156c61003e05883c7adbf94e9d9
- SHA512
  
  b03cd73c43a0e6a536857b523fa5c96910bf8a73002bb4bd7b8315f951eb9e1f625e3e3804a31cec689b6d8a427df600547cf4becf8494c3c3397a2382a55a4e
- SSDEEP
  
  98304:6inq/fUlXQu4UB5uq8yPk4KVJgGSg/RSpSTddPTC:3q/fyD4UAlyfKV7Sg/QwTrP
Score

10^/10

quasar es code discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasares codediscoveryspywaretrojan

behavioral2

quasares codediscoveryspywaretrojan

© 2018-2025

Terms | Privacy