quasar | a75d7cddda0bf75b82bbd0f86361924b37e8d4e30b4d78233647c72f607a9417 | Triage

Submit
Reports

Overview

overview

Static

static

retracbubblewrap.exe

windows7-x64

retracbubblewrap.exe

windows10-2004-x64

Sharing

General

Target

retracbubblewrap.exe
Size

3.1MB
Sample

250213-zv1emswkew
MD5

3158a87cc232a73f4df5b657536bd32b
SHA1

e531e74b2d67701058dc0d865d6a42fdba327cfd
SHA256

a75d7cddda0bf75b82bbd0f86361924b37e8d4e30b4d78233647c72f607a9417
SHA512

13ccd864f4005200e3d0e43c84bfb4d2d970f96e4e596626b4ceb706e24e4d577accb81b569e83436c1f634131de521bcb06c724bf5a054df543af1895618c94
SSDEEP

49152:rv2I22SsaNYfdPBldt698dBcjHFbRJ6XbR3LoGdRTHHB72eh2NT:rvb22SsaNYfdPBldt6+dBcjHFbRJ6p

Score

10^/10

quasar watafak.org discovery spyware trojan

Static task

static1

watafak.org quasar

3 signatures

Behavioral task

behavioral1

Sample

retracbubblewrap.exe

Resource

win7-20240903-en

quasar watafak.org discovery spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

retracbubblewrap.exe

Resource

win10v2004-20250211-en

quasar watafak.org discovery spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

watafak.org

C2

SlotMode-60377.portmap.host::60377

Mutex

4b033274-74df-4a33-9b1c-b511ea8adfd0

Attributes

encryption_key
15F7B7E72381E729EFE3F3EC04B9B82B2C52ECB9
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
watafak.com
subdirectory
SubDir

Targets

- Target
  
  retracbubblewrap.exe
- Size
  
  3.1MB
- MD5
  
  3158a87cc232a73f4df5b657536bd32b
- SHA1
  
  e531e74b2d67701058dc0d865d6a42fdba327cfd
- SHA256
  
  a75d7cddda0bf75b82bbd0f86361924b37e8d4e30b4d78233647c72f607a9417
- SHA512
  
  13ccd864f4005200e3d0e43c84bfb4d2d970f96e4e596626b4ceb706e24e4d577accb81b569e83436c1f634131de521bcb06c724bf5a054df543af1895618c94
- SSDEEP
  
  49152:rv2I22SsaNYfdPBldt698dBcjHFbRJ6XbR3LoGdRTHHB72eh2NT:rvb22SsaNYfdPBldt6+dBcjHFbRJ6p
Score

10^/10

quasar watafak.org discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

watafak.orgquasar

behavioral1

quasarwatafak.orgdiscoveryspywaretrojan

behavioral2

quasarwatafak.orgdiscoveryspywaretrojan

© 2018-2025

Terms | Privacy