Overview

overview

10

Static

static

10

BouncyCast...to.dll

windows10-ltsc_2021-x64

1

Client.exe

windows10-ltsc_2021-x64

10

Gma.System...ok.dll

windows10-ltsc_2021-x64

1

Kira.exe

windows10-ltsc_2021-x64

10

Microsoft....es.dll

windows10-ltsc_2021-x64

1

Microsoft....im.dll

windows10-ltsc_2021-x64

1

Microsoft....er.dll

windows10-ltsc_2021-x64

1

Microsoft....ce.dll

windows10-ltsc_2021-x64

1

Microsoft....es.dll

windows10-ltsc_2021-x64

1

Microsoft....ns.dll

windows10-ltsc_2021-x64

1

Microsoft....rk.dll

windows10-ltsc_2021-x64

1

Mono.Cecil.Mdb.dll

windows10-ltsc_2021-x64

1

Mono.Cecil.Pdb.dll

windows10-ltsc_2021-x64

1

Mono.Cecil.Rocks.dll

windows10-ltsc_2021-x64

1

Mono.Cecil.dll

windows10-ltsc_2021-x64

1

Open.Nat.dll

windows10-ltsc_2021-x64

1

Quasar.Com...ts.dll

windows10-ltsc_2021-x64

1

Quasar.Common.dll

windows10-ltsc_2021-x64

1

Vestris.Re...ib.dll

windows10-ltsc_2021-x64

1

client.exe

windows10-ltsc_2021-x64

10

protobuf-net.dll

windows10-ltsc_2021-x64

1

Analysis

  • max time kernel
    104s
  • max time network
    137s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    04/04/2025, 16:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client.exe

  • Size

    3.1MB

  • MD5

    53a45c6e7e2e587d7db12cfa4476906a

  • SHA1

    57591dafa4fedc5c39e4f4047619c750605d237c

  • SHA256

    220921f2f892a79118811e15d6cdd813776b3898bbc47911060be449bd3f9339

  • SHA512

    d48eff26d1aed4e765793d98ee6061675c2c9249a9bcbcd52be4a115625c33c99b6e09b40b98fa8aa65cf77288ff39429d7b43d4e82a95a9a8e96c017ee432cc

  • SSDEEP

    98304:/nY+y2FqZaVmN+PqlhU//vlL1YGWdT7x:P1Z1CXx

Score
10/10
quasarspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\client.exe
    "C:\Users\Admin\AppData\Local\Temp\client.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3600-0-0x00007FFEFE673000-0x00007FFEFE675000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3600-1-0x0000000000BA0000-0x0000000000ECA000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/3600-3-0x00007FFEFE670000-0x00007FFEFF132000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3600-4-0x00007FFEFE670000-0x00007FFEFF132000-memory.dmp

    Filesize

    10.8MB

    Download