quasar | 7b718d668fa3aed991ee8b9fc8f76fed543e5045f411369df659ee4cf09a0413 | Triage

Sharing

General

Target

Clientv2.exe
Size

3.2MB
Sample

250401-vl3q7avn16
MD5

f312e5b89c544d808859a09fbf8e6e9a
SHA1

917b95dc9c0f5ca7f089ad645c99395419914f37
SHA256

7b718d668fa3aed991ee8b9fc8f76fed543e5045f411369df659ee4cf09a0413
SHA512

2f894bb5f89e403fd22c2b2437043b8e79092f4d019a10fe13db3b89689374c6379af7372723bd343095b1b036b773d8ee3e1b95b955a452c46e0dac74c51b5b
SSDEEP

49152:wvdt62XlaSFNWPjljiFa2RoUYIzlRJ6MbR3LoGdkTHHB72eh2NT:wvf62XlaSFNWPjljiFXRoUYIzlRJ6W

Score

10^/10

quasar quasarv2 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Quasarv2

C2

178.83.80.11:4782

Mutex

01be4b22-353e-48a7-a4fc-41ed4d3b5081

Attributes

encryption_key
B729697B6EECAC23F05DCF0A1F0857B793DF22A5
install_name
WinStart.exe
log_directory
TempLogs
reconnect_delay
3000
startup_key
WinStart
subdirectory
SubDir

Targets

- Target
  
  Clientv2.exe
- Size
  
  3.2MB
- MD5
  
  f312e5b89c544d808859a09fbf8e6e9a
- SHA1
  
  917b95dc9c0f5ca7f089ad645c99395419914f37
- SHA256
  
  7b718d668fa3aed991ee8b9fc8f76fed543e5045f411369df659ee4cf09a0413
- SHA512
  
  2f894bb5f89e403fd22c2b2437043b8e79092f4d019a10fe13db3b89689374c6379af7372723bd343095b1b036b773d8ee3e1b95b955a452c46e0dac74c51b5b
- SSDEEP
  
  49152:wvdt62XlaSFNWPjljiFa2RoUYIzlRJ6MbR3LoGdkTHHB72eh2NT:wvf62XlaSFNWPjljiFXRoUYIzlRJ6W
Score

10^/10

quasar quasarv2 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarquasarv2spywaretrojan