quasar | 783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f | Triage

Submit
Reports

Overview

overview

Static

static

783e6ea626...2f.exe

windows7-x64

783e6ea626...2f.exe

windows10-2004-x64

Sharing

General

Target

783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
Size

2.7MB
Sample

240630-2421yaycmf
MD5

371d95abce192df7ac5648f4f954c456
SHA1

f243994c2906525292b44b40e78aa0358589592f
SHA256

783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
SHA512

6ef6bf42d47e3a5b4995ddd985c6726ffd1883ecbbf3c71f62511abc7d20fde208cd0371a3bcff54c855c253e1d483dd8a9ed2b661d734df3ac526a9514b3979
SSDEEP

49152:uc4IZF1R2mztVOo6Ol9ureHIge8lDNlMdCKaGv2LkmNKUSW:uc4IZvR2mztVOo6Ol9uriIge8lP

Score

10^/10

quasar serviceone spyware trojan

Static task

static1

serviceone quasar

6 signatures

Behavioral task

behavioral1

Sample

783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f.exe

Resource

win7-20231129-en

quasar serviceone spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f.exe

Resource

win10v2004-20240508-en

quasar serviceone spyware trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

serviceone

C2

serviceofflineupdate.ddnsgeek.com:4782

Mutex

17af5434-027b-475c-85b6-fca637f3330d

Attributes

encryption_key
F5275112E106580A140655595766AE270983F72B
install_name
Chrome.exe
log_directory
Logs
reconnect_delay
6000
startup_key
chrome update
subdirectory
SubDir

Targets

- Target
  
  783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
- Size
  
  2.7MB
- MD5
  
  371d95abce192df7ac5648f4f954c456
- SHA1
  
  f243994c2906525292b44b40e78aa0358589592f
- SHA256
  
  783e6ea626cd72ba14c844f7de9cb57e6d56bb894aec3dbe223e81f065b2bc2f
- SHA512
  
  6ef6bf42d47e3a5b4995ddd985c6726ffd1883ecbbf3c71f62511abc7d20fde208cd0371a3bcff54c855c253e1d483dd8a9ed2b661d734df3ac526a9514b3979
- SSDEEP
  
  49152:uc4IZF1R2mztVOo6Ol9ureHIge8lDNlMdCKaGv2LkmNKUSW:uc4IZvR2mztVOo6Ol9uriIge8lP
Score

10^/10

quasar serviceone spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

serviceonequasar

behavioral1

quasarserviceonespywaretrojan

behavioral2

quasarserviceonespywaretrojan

© 2018-2024

Terms | Privacy