quasar | 77a7cd3a32b8f2034e427b8d7ca740a6c4f9e0bc79d4b7eddd7922668ef9f24a | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-20...om.exe

windows10-2004-x64

2025-04-20...om.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-20_ac8e7f19e4d3e6ad8bdabd57dc79063e_black-basta_cobalt-strike_satacom
Size

1.5MB
Sample

250420-mqtebawkz4
MD5

ac8e7f19e4d3e6ad8bdabd57dc79063e
SHA1

2dcf6ea2e23dd4f1b774693cde1555b02abd28c9
SHA256

77a7cd3a32b8f2034e427b8d7ca740a6c4f9e0bc79d4b7eddd7922668ef9f24a
SHA512

ffc28fa7cca91a15263e86d973dbdfc19dd1030c46b822d9b01ab4582b6d787dc3c18a10dbd9824d69e25403c1f61456fdf31030fb853a49aff190ac7e47016a
SSDEEP

24576:xEeqQq3KnmI5yjNeGNcZQg0pWdKZGzgDv7hEiOTVGT6QZhkVyYtW:xEuq6mAyjMGNcZOWdsz7exq/kVRtW

Score

10^/10

quasar java spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-20_ac8e7f19e4d3e6ad8bdabd57dc79063e_black-basta_cobalt-strike_satacom.exe

Resource

win10v2004-20250314-en

quasar java spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-20_ac8e7f19e4d3e6ad8bdabd57dc79063e_black-basta_cobalt-strike_satacom.exe

Resource

win11-20250411-en

quasar java spyware trojan

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Java

C2

192.168.1.33:4782

Mutex

dbd83e28-626e-4246-bc34-1a191d13a0d2

Attributes

encryption_key
F99A16169D9E428A1B70483052E7EC2C3781496E
install_name
javaupdater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
java
subdirectory
SubDir

Targets

- Target
  
  2025-04-20_ac8e7f19e4d3e6ad8bdabd57dc79063e_black-basta_cobalt-strike_satacom
- Size
  
  1.5MB
- MD5
  
  ac8e7f19e4d3e6ad8bdabd57dc79063e
- SHA1
  
  2dcf6ea2e23dd4f1b774693cde1555b02abd28c9
- SHA256
  
  77a7cd3a32b8f2034e427b8d7ca740a6c4f9e0bc79d4b7eddd7922668ef9f24a
- SHA512
  
  ffc28fa7cca91a15263e86d973dbdfc19dd1030c46b822d9b01ab4582b6d787dc3c18a10dbd9824d69e25403c1f61456fdf31030fb853a49aff190ac7e47016a
- SSDEEP
  
  24576:xEeqQq3KnmI5yjNeGNcZQg0pWdKZGzgDv7hEiOTVGT6QZhkVyYtW:xEuq6mAyjMGNcZOWdsz7exq/kVRtW
Score

10^/10

quasar java spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarjavaspywaretrojan

behavioral2

quasarjavaspywaretrojan

© 2018-2025

Terms | Privacy