quasar | cf12af32289d5d1913e941419e809fb0d8bb24ba17adc1b6e108075acce35d1f | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240629-tzjd2athln
MD5

c5807c538665509c9c44356cd82a785d
SHA1

e97dd1a36a23ab468a2002f2c7ebc62c1e68f240
SHA256

cf12af32289d5d1913e941419e809fb0d8bb24ba17adc1b6e108075acce35d1f
SHA512

5bfa426685a5973b09ab550dd035921251061974b1e442307fd8dd858d2796f803c9f4be22ef4e9ccd233015c45b88e9088890d351bcd3188dada33cbdd54cd7
SSDEEP

49152:uvnI22SsaNYfdPBldt698dBcjH6fPR3XoGdfjRTHHB72eh2NT:uvI22SsaNYfdPBldt6+dBcjH63Rn

Score

10^/10

quasar zzzz spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20240508-en

quasar zzzz spyware trojan

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

zzzz

C2

4.tcp.ngrok.io:16868

Mutex

116e2822-047d-4b5c-ad10-563148a1a28e

Attributes

encryption_key
C366BC97216329D1909524412E3ECB1EBC575D07
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  c5807c538665509c9c44356cd82a785d
- SHA1
  
  e97dd1a36a23ab468a2002f2c7ebc62c1e68f240
- SHA256
  
  cf12af32289d5d1913e941419e809fb0d8bb24ba17adc1b6e108075acce35d1f
- SHA512
  
  5bfa426685a5973b09ab550dd035921251061974b1e442307fd8dd858d2796f803c9f4be22ef4e9ccd233015c45b88e9088890d351bcd3188dada33cbdd54cd7
- SSDEEP
  
  49152:uvnI22SsaNYfdPBldt698dBcjH6fPR3XoGdfjRTHHB72eh2NT:uvI22SsaNYfdPBldt6+dBcjH63Rn
Score

10^/10

quasar zzzz spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarzzzzspywaretrojan

© 2018-2024

Terms | Privacy