Overview

overview

10

Static

static

10

Client-built.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    25s
  • max time network
    34s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/03/2025, 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    1.3MB

  • MD5

    89dedd5a5be40e10d15d8ddead0840e2

  • SHA1

    e6ec62026b2b86534eedce986b8f14bad02991b1

  • SHA256

    2e4dd13fca230aa1d5aa024bf148b64155226883d26bc04d41a2bf4254e70495

  • SHA512

    168ba353a7e982d5a592c08753d21cef95671c0c3f585a3727833ae540f9949324d9ce1cabcb604b1047235da1cc8c327dcbcd5a347652f82463f390516ee291

  • SSDEEP

    24576:9WA+qYdaeoXgOSWHIPbcNK0KKfaOwI55l2SXO8vyjFTFpi3sed:9W0eo/EgKKHwCB+9FTTi

Score
10/10
quasarniaspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.5.0

Botnet

nia

C2

172.22.94.59:4782

Mutex

59872fd7-8c22-416a-8e2e-11dbf8cf0d11

Attributes
  • encryption_key

    8F2068A83872A8272FFF6545A763F8997C3BDCD2

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Modded Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4616-0-0x00007FFE6AAD3000-0x00007FFE6AAD5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4616-1-0x0000025E26590000-0x0000025E266E6000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4616-2-0x0000025E28340000-0x0000025E2835A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4616-3-0x00007FFE6AAD0000-0x00007FFE6B592000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-4-0x0000025E41070000-0x0000025E410C0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4616-5-0x0000025E41180000-0x0000025E41232000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4616-6-0x0000025E41020000-0x0000025E4106E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/4616-7-0x00007FFE6AAD3000-0x00007FFE6AAD5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4616-8-0x00007FFE6AAD0000-0x00007FFE6B592000-memory.dmp

    Filesize

    10.8MB

    Download