quasar | c10b9a9c1202b0f18670a8599b5aa6852dddf40b12b7cf5a3787acd813d8a23c

Analysis

max time kernel
140s
max time network
143s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
19/04/2025, 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

obfus2.exe
Size

1.5MB
MD5

fd490afa1de4699862b5950ea751af37
SHA1

72c8f24b54e8fb12ade27dc0dc483f5c96b16f7c
SHA256

c10b9a9c1202b0f18670a8599b5aa6852dddf40b12b7cf5a3787acd813d8a23c
SHA512

0839bd2cb8653c0fe67154dc1a1b2976f99cbe5d9a1e71236d66f4290ec323f32b03120191aa18d5db5d623cb0320978929887a18523c82e210aba0fbb144a08
SSDEEP

24576:G42/US2eWBRwRR16zhHIPbcNK0KKm77yviUSQaZaOwI55l2S62r9zC5u6a1DFI:GZ/u7wR2EgKKm77LrwCB6Pw

Score

10^/10

quasar spyware trojan

Malware Config

Extracted

Family

quasar

��:a>՘�后��s��6�F�l濺�,@ 3&�

Attributes

encryption_key
0A2600918F5E13281DD3F3E3CF35CA2FEACB6884
reconnect_delay
3000
startup_key
�� D��s�+��\� r8t$�

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral2/memory/5296-1-0x000002CB85590000-0x000002CB8571E000-memory.dmp	family_quasar

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5296	obfus2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5296	obfus2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5296	obfus2.exe

C:\Users\Admin\AppData\Local\Temp\obfus2.exe
"C:\Users\Admin\AppData\Local\Temp\obfus2.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5296-0-0x00007FFFA91F3000-0x00007FFFA91F5000-memory.dmp

Filesize
8KB

Download
memory/5296-1-0x000002CB85590000-0x000002CB8571E000-memory.dmp

Filesize
1.6MB

Download
memory/5296-2-0x000002CB85AC0000-0x000002CB85ADA000-memory.dmp

Filesize
104KB

Download
memory/5296-3-0x00007FFFA91F0000-0x00007FFFA9CB2000-memory.dmp

Filesize
10.8MB

Download
memory/5296-6-0x000002CB9FCD0000-0x000002CB9FD20000-memory.dmp

Filesize
320KB

Download
memory/5296-8-0x000002CB9FC50000-0x000002CB9FC9E000-memory.dmp

Filesize
312KB

Download
memory/5296-7-0x000002CBA0B60000-0x000002CBA0C12000-memory.dmp

Filesize
712KB

Download
memory/5296-11-0x000002CB874D0000-0x000002CB874FA000-memory.dmp

Filesize
168KB

Download
memory/5296-10-0x000002CBA0AA0000-0x000002CBA0AEA000-memory.dmp

Filesize
296KB

Download
memory/5296-9-0x000002CB9FD20000-0x000002CB9FD6C000-memory.dmp

Filesize
304KB

Download
memory/5296-5-0x000002CB9FC10000-0x000002CB9FC4A000-memory.dmp

Filesize
232KB

Download
memory/5296-4-0x000002CB87380000-0x000002CB87392000-memory.dmp

Filesize
72KB

Download
memory/5296-15-0x000002CBA12A0000-0x000002CBA12DC000-memory.dmp

Filesize
240KB

Download
memory/5296-14-0x000002CBA0B10000-0x000002CBA0B22000-memory.dmp

Filesize
72KB

Download
memory/5296-16-0x00007FFFA91F3000-0x00007FFFA91F5000-memory.dmp

Filesize
8KB

Download
memory/5296-18-0x00007FFFA91F0000-0x00007FFFA9CB2000-memory.dmp

Filesize
10.8MB

Download
memory/5296-17-0x000002CBA1160000-0x000002CBA125F000-memory.dmp

Filesize
1020KB

Download