Overview

overview

10

Static

static

1

RUN_ME.bat

windows11-21h2-x64

10

RUN_ME.bat

ubuntu-24.04-amd64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RUN_ME.bat

  • Size

    5KB

  • Sample

    250419-z7phxaxns5

  • MD5

    d0fb2b898127e72c285d6478c0989d69

  • SHA1

    021ed2c902029ed393052e42351086db991c3ebd

  • SHA256

    2e1e9dc2fa7ba5b2c74933c6d6d7a1ba9c131e8ac53bddf816ab45a24b30f2c9

  • SHA512

    e8dfcf4dd115d187a2c2e3e8b59865d51bcbfb53f1de9906ae893ceb7d3bd2576f43f16ac974d7af371e4cd525f80038c1f7cdd0206f9cc0c17e73dba9c535f4

  • SSDEEP

    96:/XqD95VsQtOJQR1a+MKTADqW7ymLElrbefZ0NdSD4+q0:/XqD/V0QR1a+MYADqW2mLcbef6S8K

Score
10/10
quasarexecutionlinuxspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Targets

    • Target

      RUN_ME.bat

    • Size

      5KB

    • MD5

      d0fb2b898127e72c285d6478c0989d69

    • SHA1

      021ed2c902029ed393052e42351086db991c3ebd

    • SHA256

      2e1e9dc2fa7ba5b2c74933c6d6d7a1ba9c131e8ac53bddf816ab45a24b30f2c9

    • SHA512

      e8dfcf4dd115d187a2c2e3e8b59865d51bcbfb53f1de9906ae893ceb7d3bd2576f43f16ac974d7af371e4cd525f80038c1f7cdd0206f9cc0c17e73dba9c535f4

    • SSDEEP

      96:/XqD95VsQtOJQR1a+MKTADqW7ymLElrbefZ0NdSD4+q0:/XqD/V0QR1a+MYADqW2mLcbef6S8K

    Score
    10/10
    quasarexecutionspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks