quasar | d24b9d3579ee45a6f8d8762d8aa4c223a8b3935404658bb5009b008187fca45f | Triage

Submit
Reports

Overview

overview

Static

static

5

CSP_200w_setup.exe

windows7-x64

CSP_200w_setup.exe

windows10-2004-x64

3

Sharing

General

Target

CSP_200w_setup.exe
Size

398.8MB
Sample

250328-cg3araspy8
MD5

7304f926256b156cbf9db5571d6388b4
SHA1

00a32364d77934faeb3c79b153eba1adf2977a7c
SHA256

d24b9d3579ee45a6f8d8762d8aa4c223a8b3935404658bb5009b008187fca45f
SHA512

830f685394235ce2b66ebbba9bcb0466afbc8a685722cbd6d978407ce6475f0e30d81aa75de5be1466eb1d27702c41b099283a167497a53898dd1599c53e5d74
SSDEEP

6291456:TJTVJsPA+MqNF524Jg0KOWDlBlKQLjfo+wO4Cm7iW9H2nXy2txJ0gX+xp2d9O9uZ:1+MiJYOiBlTvo+K9HUXyKd2P84O

Score

10^/10

quasar clip studio paint ex v!@!!!discovery execution spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CSP_200w_setup.exe

Resource

win7-20240903-en

quasar clip studio paint ex v!@!!!discovery execution spyware trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

CSP_200w_setup.exe

Resource

win10v2004-20250314-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Clip Studio Paint EX v!@!!!

C2

metavm.bumbleshrimp.com:1981

Mutex

GJrr6Uap8uTnzgSEPB

Attributes

encryption_key
KcRMp6Py3ZKc2huydbiR
install_name
Client.exe
log_directory
HDj
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  CSP_200w_setup.exe
- Size
  
  398.8MB
- MD5
  
  7304f926256b156cbf9db5571d6388b4
- SHA1
  
  00a32364d77934faeb3c79b153eba1adf2977a7c
- SHA256
  
  d24b9d3579ee45a6f8d8762d8aa4c223a8b3935404658bb5009b008187fca45f
- SHA512
  
  830f685394235ce2b66ebbba9bcb0466afbc8a685722cbd6d978407ce6475f0e30d81aa75de5be1466eb1d27702c41b099283a167497a53898dd1599c53e5d74
- SSDEEP
  
  6291456:TJTVJsPA+MqNF524Jg0KOWDlBlKQLjfo+wO4Cm7iW9H2nXy2txJ0gX+xp2d9O9uZ:1+MiJYOiBlTvo+K9HUXyKd2P84O
Score

10^/10

quasar clip studio paint ex v!@!!!discovery execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarclip studio paint ex v!@!!!discoveryexecutionspywaretrojan

behavioral2

© 2018-2025

Terms | Privacy