General

  • Target

    Dynastyn.exe

  • Size

    3.1MB

  • Sample

    250419-3m8mtszls9

  • MD5

    7278f8e052dfce0ab3b0e26342df90c7

  • SHA1

    b8e1a85020c3bc897bee6d2dfa2b0b7a0066a877

  • SHA256

    370e43173ca787e6fdb25e366832b962e7361842a8c935275ea10e996a1e65dc

  • SHA512

    d8dfc255717d1756ae67720e17d21098c20ea62ddf2fd4ecc2eb45ce228c12bce655b7754879a834850b9ff831fa58b66daed54d69f869983473b20fbacd11f4

  • SSDEEP

    49152:evBt62XlaSFNWPjljiFa2RoUYI/US21J/+oGdo7THHB72eh2NT:evr62XlaSFNWPjljiFXRoUYI/USf4

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Dynasty

C2

192.168.1.15:6811

Mutex

1874328e-c44e-4a21-9487-360438f0be06

Attributes
  • encryption_key

    A293A810C06D86E5BF7959B54E0B6A129843E485

  • install_name

    System.exe

  • log_directory

    Dynasty

  • reconnect_delay

    3000

  • startup_key

    System.exe

  • subdirectory

    system64x

Targets

    • Target

      Dynastyn.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE

    • Drops file in System32 directory
