quasar | b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574 | Triage

Submit
Reports

Overview

overview

Static

static

b93b5cc63a...74.exe

windows7-x64

b93b5cc63a...74.exe

windows10-2004-x64

Sharing

General

Target

b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574.exe
Size

3.4MB
Sample

250327-ejmdesxsas
MD5

61a23a5c02f19dda41b5f63b48784a96
SHA1

def21ab5c10bf3b4e5a5d2b2abb5d00b8e2dea18
SHA256

b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574
SHA512

2e210707c58c71aa20a6ddffd95b83fd5c61e039a4201a807409ad1570c4650bb6549e85bb161631ccae26e310799379864e1b3c090145d103f1a6bdc9573cf4
SSDEEP

49152:XvulL26AaNeWgPhlmVqvMQ7XSKeK8FEzUkk/bZLoGd5YTHHB72eh2NT:XveL26AaNeWgPhlmVqkQ7XSKH8tp

Score

10^/10

quasar kaspersky discovery spyware trojan

Static task

static1

kaspersky quasar

3 signatures

Behavioral task

behavioral1

Sample

b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574.exe

Resource

win7-20240903-en

quasar kaspersky discovery spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574.exe

Resource

win10v2004-20250314-en

quasar kaspersky discovery spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Kaspersky

C2

mmdrza.ddns.net:25565

Mutex

fba445f3-0d80-4a93-bed3-c92c762015fc

Attributes

encryption_key
953F5906F7FC4FE5000EA40834065AE361109E51
install_name
kaspsersky32.exe
log_directory
Failture logs
reconnect_delay
3000
startup_key
Kaspersky auto update
subdirectory
Kaspersky

Targets

- Target
  
  b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574.exe
- Size
  
  3.4MB
- MD5
  
  61a23a5c02f19dda41b5f63b48784a96
- SHA1
  
  def21ab5c10bf3b4e5a5d2b2abb5d00b8e2dea18
- SHA256
  
  b93b5cc63a5ee1981c074abb7921a4bdb147197dc85dd1af42305066736d8574
- SHA512
  
  2e210707c58c71aa20a6ddffd95b83fd5c61e039a4201a807409ad1570c4650bb6549e85bb161631ccae26e310799379864e1b3c090145d103f1a6bdc9573cf4
- SSDEEP
  
  49152:XvulL26AaNeWgPhlmVqvMQ7XSKeK8FEzUkk/bZLoGd5YTHHB72eh2NT:XveL26AaNeWgPhlmVqkQ7XSKH8tp
Score

10^/10

quasar kaspersky discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

kasperskyquasar

behavioral1

quasarkasperskydiscoveryspywaretrojan

behavioral2

quasarkasperskydiscoveryspywaretrojan

© 2018-2025

Terms | Privacy