quasar | 6a35201b5275aa3f2da2f383dd290a839a3e0eebb596d93dfab5a1c9a5b26728 | Triage

Sharing

General

Target

14022025_0153_13022025_NuevaOrdendeCompra.rar
Size

872KB
Sample

250214-cga69symel
MD5

64f0d5fc2c33a9eee319b83cf94ea3b9
SHA1

0d4ac24647c8b0d9e15644ab51efcfc27ba74616
SHA256

6a35201b5275aa3f2da2f383dd290a839a3e0eebb596d93dfab5a1c9a5b26728
SHA512

423fc3ce2eecf225e4d19f123e3dd15dc9d4b8f2075c1012014340062ec0b8fb8b667489cc2fba627574b99edcf034a46b0896972048b7a1961de447591daac6
SSDEEP

12288:5i8TJ7Fq06JDOYrle3znecMMMDU8NZ2N13As6J780G1mwhYVs2t6XNX6hRy7+7Q0:5HrCtOZzne2F8f2/AdJ40Ge220XgHIO

Score

10^/10

quasar stroy3 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Stroy3

C2

twentyfivev.crabdance.com:61538

127.0.0.1:61538

Mutex

QSR_MUTEX_jgYB0FbAXwuBLBMCAM

Attributes

encryption_key
7ghxCAmzO7RIdS51gVaQ
install_name
cpdater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
cindows cpdater
subdirectory
cindows

Targets

- Target
  
  Nueva Orden de Compra.exe
- Size
  
  899KB
- MD5
  
  da4bdaef912fbec33c8f6c787c951420
- SHA1
  
  db3d1d6ee8647c350d19bbc0bb0509811373d436
- SHA256
  
  5017f298316f0ee887a1251d0cff9549d98feb8fbca8a4cdf83ef2ade555adb2
- SHA512
  
  9673db99e7e194d7e9c402f6066f14245f9cc5e1ab133ad7b45a76f4c2c7d1b3d9d3c14974fe469bda6e959223205ebd2b047e486b17bd2ed8f3d8c6221540a6
- SSDEEP
  
  24576:AvjQG02u/rcfrYbJ1G3FroaICdyk6ljh:eQwercsbXONoaPds
Score

10^/10

quasar stroy3 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarstroy3discoveryspywaretrojan

behavioral2

quasarstroy3discoveryspywaretrojan