quasar | bcc8bd5e2381123b28409b8281612d2f3be649e4d4b8d998a9e397db109f631d | Triage

Submit
Reports

Overview

overview

Static

static

Remove.exe

windows10-2004-x64

Sharing

General

Target

Remove.bat
Size

409KB
Sample

240627-3v8b2asanm
MD5

feb685a6bc5600e4e3e5b291432e2071
SHA1

2073252bc7b2ceb812d3fc0ecb0f6c7d32089523
SHA256

bcc8bd5e2381123b28409b8281612d2f3be649e4d4b8d998a9e397db109f631d
SHA512

d87e0e384e79943de4e581b5b505f05b2e0dc3463279f03ceb6cfc54699c5f9e79bab7a0e277176be4eab7b7eadc450bf230af4163f65714a0d456d9288fc4dc
SSDEEP

6144:rMyPp5S6M1Xy0a+agLFaSoVWy/ItKlPb2LH0yDCG4vZ3UiOi9vXna56:Hpg6M1iuagLFB4WxAlKLGjhui9v3a56

Score

10^/10

quasar seroxen spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Remove.exe

Resource

win10v2004-20240611-en

quasar seroxen spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

SeroXen

C2

147.185.221.20:47638

Mutex

$Sxr-5wL6M6vfG3ZS45okGB

Attributes

encryption_key
Ss9r1xb2AT8fXYK3H0Z6
install_name
Client.exe
log_directory
Logs
reconnect_delay
1
startup_key
Update32
subdirectory
SubDir

Targets

- Target
  
  Remove.bat
- Size
  
  409KB
- MD5
  
  feb685a6bc5600e4e3e5b291432e2071
- SHA1
  
  2073252bc7b2ceb812d3fc0ecb0f6c7d32089523
- SHA256
  
  bcc8bd5e2381123b28409b8281612d2f3be649e4d4b8d998a9e397db109f631d
- SHA512
  
  d87e0e384e79943de4e581b5b505f05b2e0dc3463279f03ceb6cfc54699c5f9e79bab7a0e277176be4eab7b7eadc450bf230af4163f65714a0d456d9288fc4dc
- SSDEEP
  
  6144:rMyPp5S6M1Xy0a+agLFaSoVWy/ItKlPb2LH0yDCG4vZ3UiOi9vXna56:Hpg6M1iuagLFB4WxAlKLGjhui9v3a56
Score

10^/10

quasar seroxen spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarseroxenspywaretrojan

© 2018-2024

Terms | Privacy