quasar | f47017465588d49383d9bb5071956e251d4c2ab024270f97b6ba35a3e6e7dec8 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built10.exe

windows7-x64

Client-built10.exe

windows10-2004-x64

Sharing

General

Target

Client-built10.exe
Size

3.1MB
Sample

250327-rm516avp17
MD5

8b09b710cf79da2dbb54ac8548eee0ad
SHA1

b75efaae2675e05f51337bb1380c38b692074656
SHA256

f47017465588d49383d9bb5071956e251d4c2ab024270f97b6ba35a3e6e7dec8
SHA512

92e08ed6248f7e25e630dcfdfadeac8ada8a402def03da2c74c1d69455a8f0262648cb3b14195ea8b7cb7e1de8e510f9fdff897017db9babb675eebd6e07feb5
SSDEEP

49152:WvUt62XlaSFNWPjljiFa2RoUYIxC11JuAoGd/THHB72eh2NT:WvI62XlaSFNWPjljiFXRoUYIxCF

Score

10^/10

quasar kazeku spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built10.exe

Resource

win7-20240903-en

quasar kazeku spyware trojan

windows7-x64

11 signatures

30 seconds

Behavioral task

behavioral2

Sample

Client-built10.exe

Resource

win10v2004-20250314-en

quasar kazeku spyware trojan

windows10-2004-x64

11 signatures

30 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

kazeku

C2

0.tcp.ap.ngrok.io:10431

Mutex

7fb11f4b-e530-407c-a46c-8834ab5c4f45

Attributes

encryption_key
2E002E0BA1D95CECCDECD8F8B383C3F7C76A7FD7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
kazeku
subdirectory
kazeku

Targets

- Target
  
  Client-built10.exe
- Size
  
  3.1MB
- MD5
  
  8b09b710cf79da2dbb54ac8548eee0ad
- SHA1
  
  b75efaae2675e05f51337bb1380c38b692074656
- SHA256
  
  f47017465588d49383d9bb5071956e251d4c2ab024270f97b6ba35a3e6e7dec8
- SHA512
  
  92e08ed6248f7e25e630dcfdfadeac8ada8a402def03da2c74c1d69455a8f0262648cb3b14195ea8b7cb7e1de8e510f9fdff897017db9babb675eebd6e07feb5
- SSDEEP
  
  49152:WvUt62XlaSFNWPjljiFa2RoUYIxC11JuAoGd/THHB72eh2NT:WvI62XlaSFNWPjljiFXRoUYIxCF
Score

10^/10

quasar kazeku spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasarkazekuspywaretrojan

behavioral2

quasarkazekuspywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.