Analysis
-
max time kernel
10s -
platform
windows11-21h2_x64 -
resource
win11-20250410-en -
resource tags
-
submitted
19/04/2025, 13:20
General
-
Target
build_output/Client.exe
-
Size
1.5MB
-
MD5
c5416d7af360068fcdef344602375982
-
SHA1
f3bdd8d22d96d3003b5a66694e3e3e738b226954
-
SHA256
6f6875eb9c2b61d9b51b06fd8b754c5ccae99118aa660eec14dc80863252c1c9
-
SHA512
7047e0e9bbc5bce3514704b29e812d0fd9a4bc75ef81addd5c42cd38beae8b55cb67080d27f8bb85f7e97f6651c871b2b5d04663ec255de4736335267848c6ff
-
SSDEEP
24576:KaKltwDS2eWBRwRR16zhHIPbcNK0KKm77yviUSQaZaOwI55l2S62r9kiwp2Np:KPltwx7wR2EgKKm77LrwCB614
Score
10/10
Malware Config
Extracted
Family
quasar
Attributes
-
reconnect_delay
5000
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\build_output\Client.exe"C:\Users\Admin\AppData\Local\Temp\build_output\Client.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
-
Filesize
8KB
-
Filesize
104KB
-
Filesize
10.8MB
-
Filesize
10.8MB