quasar | 8599ef74efe41dd289680cd68671eb83841e3211f5af29c37319625717aaa39d

General

Target

dump.exe
Size

5.8MB
Sample

250213-2da5jawndm
MD5

10c2b6a21c47a6b567b5ea3c0bfb40df
SHA1

c41a11aaaab6da88b5f31ce0a8b05d2d8fe6d7f7
SHA256

8599ef74efe41dd289680cd68671eb83841e3211f5af29c37319625717aaa39d
SHA512

ea57119d520b6483e91504a7ba841a7ce0f3432e43909db529efaca0cd8ba4b3a6e11fc2bd443a0266d8ba70ee7f0d2dfc4743e2043f084f4a3248f37e019a07
SSDEEP

98304:KiSU0Om2cae1pjuzggn+78Rvjxf1npRNX3/hb//eRrklpXzlTDk7NMOFW+uD5mV/:1cae6i8RjLpRNn/hDUrsDZDqNMO4Dc84

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.0 | apes

C2

x0p-28935.portmap.host:28935

Mutex

ebcea023-0c6f-4b5a-bee5-b1303518917d

Attributes

encryption_key
2D54CC26681E4B8F78F80945A537E0CA6221A405
install_name
.exe
log_directory
Logs
reconnect_delay
3000
startup_key
$sxr-seroxen

Targets

- Target
  
  dump.exe
- Size
  
  5.8MB
- MD5
  
  10c2b6a21c47a6b567b5ea3c0bfb40df
- SHA1
  
  c41a11aaaab6da88b5f31ce0a8b05d2d8fe6d7f7
- SHA256
  
  8599ef74efe41dd289680cd68671eb83841e3211f5af29c37319625717aaa39d
- SHA512
  
  ea57119d520b6483e91504a7ba841a7ce0f3432e43909db529efaca0cd8ba4b3a6e11fc2bd443a0266d8ba70ee7f0d2dfc4743e2043f084f4a3248f37e019a07
- SSDEEP
  
  98304:KiSU0Om2cae1pjuzggn+78Rvjxf1npRNX3/hb//eRrklpXzlTDk7NMOFW+uD5mV/:1cae6i8RjLpRNn/hDUrsDZDqNMO4Dc84
Score

10^/10

quasar seroxen v15.0 | apes discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Seroxen family
  seroxen
- Seroxen, Ser0xen
  Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.
  trojan seroxen
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar family

Quasar payload

Seroxen family

Seroxen, Ser0xen

Suspicious use of NtCreateUserProcessOtherParentProcess

Downloads MZ/PE file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2