quasar | 66bc9a4e0f2a4227a412decc3fca0aac864ea03220afac1ec097d35635fd3160 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-ltsc_2021-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250327-19bkhayyes
MD5

c29f45e56a8e5440afaa649f1e487413
SHA1

c30566ac9bc7b419293b5491c34953098b348ac7
SHA256

66bc9a4e0f2a4227a412decc3fca0aac864ea03220afac1ec097d35635fd3160
SHA512

c6098347f261b69e8d9be58ba069d23e0049c6c5682940aa05c158b98db864d99ab86aebb3968ba3745b23d2f76ca13a707b4615fd4d80ff192704a500406e54
SSDEEP

49152:fvXI22SsaNYfdPBldt698dBcjHymxNESEVk/i/LoGdGTHHB72eh2NT:fvY22SsaNYfdPBldt6+dBcjHbxMD

Score

10^/10

quasar skibdi discovery spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10ltsc2021-20250313-en

quasar skibdi discovery spyware trojan

windows10-ltsc_2021-x64

24 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Skibdi

C2

7.tcp.eu.ngrok.io:16233

Mutex

53790885-f84e-49fe-b0f5-533bcec24786

Attributes

encryption_key
3428C8CDB24FFC56DF6BBDDEC9905C3058F7B092
install_name
WindowsDefender.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsDefender
subdirectory
WindowsDefender

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  c29f45e56a8e5440afaa649f1e487413
- SHA1
  
  c30566ac9bc7b419293b5491c34953098b348ac7
- SHA256
  
  66bc9a4e0f2a4227a412decc3fca0aac864ea03220afac1ec097d35635fd3160
- SHA512
  
  c6098347f261b69e8d9be58ba069d23e0049c6c5682940aa05c158b98db864d99ab86aebb3968ba3745b23d2f76ca13a707b4615fd4d80ff192704a500406e54
- SSDEEP
  
  49152:fvXI22SsaNYfdPBldt698dBcjHymxNESEVk/i/LoGdGTHHB72eh2NT:fvY22SsaNYfdPBldt6+dBcjHbxMD
Score

10^/10

quasar skibdi discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarskibdidiscoveryspywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.