Overview

overview

10

Static

static

10

Client-built.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/03/2025, 12:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    871KB

  • MD5

    164b26c14f3e5e20cc50a3c30f2e960f

  • SHA1

    b21f203a867fa641e3629c8a00a38288dc1f4d66

  • SHA256

    7ffb2d5b4a2efed158ebcc6185a0bcf56ebd72b50a426592df7267d57dc87b51

  • SHA512

    118e8335afaefd5b7ea3a96afd493e9681943828246c58c8981d2fe661ed7e518f3551ffbca06af39a5af78f6d39bf8b3808aeb8fe954b10aa8568fcc566a227

  • SSDEEP

    24576:OG/bFSSWHIPbcNK0KKfaOwI55l2SyKgAPMC:t/bF4EgKKHwCBF

Score
10/10
quasartestspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.5.0

Botnet

test

C2

10.9.149.190:1194

Mutex

78a5da3d-f65b-4b37-a195-c840d91063b3

Attributes
  • encryption_key

    E354BE8686EBA2DA416ABC82619DB721FFFDB307

  • install_name

    Test.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Pulsar Client Startup

  • subdirectory

    $Test

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1700-0-0x00007FFFB41B3000-0x00007FFFB41B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1700-1-0x00000260F8200000-0x00000260F82E0000-memory.dmp

    Filesize

    896KB

    Download

  • memory/1700-2-0x00000260F8700000-0x00000260F871A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1700-3-0x00007FFFB41B0000-0x00007FFFB4C71000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1700-4-0x00000260FAA10000-0x00000260FAA60000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1700-6-0x00000260FA1B0000-0x00000260FA1FE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1700-5-0x00000260FAB80000-0x00000260FAC32000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1700-7-0x00007FFFB41B3000-0x00007FFFB41B5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1700-8-0x00007FFFB41B0000-0x00007FFFB4C71000-memory.dmp

    Filesize

    10.8MB

    Download