quasar | 1215214202d4b3103b6b88470dad2ce0836062703b040ac6a4cdfb4e97bcaa06 | Triage

Sharing

General

Target

ExodusWallet.zip
Size

12.0MB
Sample

250327-vvfb9avzcw
MD5

2472b364203ed098f6b8161ebf1df0c5
SHA1

26a702b42f6b9b32c6fddcfb024fdbecf2ba2f60
SHA256

1215214202d4b3103b6b88470dad2ce0836062703b040ac6a4cdfb4e97bcaa06
SHA512

6c9da01c03ddf9040ea4e8016e34bdff2e380ada298c198a9255b28673c71cc4298648a81c4c19cc476b3aef0e7d2cec9887094b8a21fc39fd781d0df4c620af
SSDEEP

393216:ZOHNU+3jtX4w1bzNTAorDGt36R0D7hGR/o/yW:Qt7jtX7/TAorDUk+7uvW

Score

10^/10

quasar larpvault spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

larpvault

C2

195.177.94.58:7000

Mutex

7e03e3fb-22c0-4bc3-91c5-b78b68c8c267

Attributes

encryption_key
0DE96920F31CF665B8020E803D1D5541E1FEA3E5
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Modded Client Startup
subdirectory
SubDir

Targets

- Target
  
  ExodusWallet.zip
- Size
  
  12.0MB
- MD5
  
  2472b364203ed098f6b8161ebf1df0c5
- SHA1
  
  26a702b42f6b9b32c6fddcfb024fdbecf2ba2f60
- SHA256
  
  1215214202d4b3103b6b88470dad2ce0836062703b040ac6a4cdfb4e97bcaa06
- SHA512
  
  6c9da01c03ddf9040ea4e8016e34bdff2e380ada298c198a9255b28673c71cc4298648a81c4c19cc476b3aef0e7d2cec9887094b8a21fc39fd781d0df4c620af
- SSDEEP
  
  393216:ZOHNU+3jtX4w1bzNTAorDGt36R0D7hGR/o/yW:Qt7jtX7/TAorDUk+7uvW
Score

10^/10

quasar larpvault spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

larpvaultquasar

behavioral1

quasarlarpvaultspywaretrojan

behavioral2