quasar | 136d4f11ca284be9615ee652f493d2e357d164091029286eee7b3350c2e7d4c3 | Triage

Submit
Reports

Overview

overview

Static

static

Server.exe

windows10-2004-x64

Sharing

General

Target

Server.exe
Size

3.1MB
Sample

240630-f2b6vatgmh
MD5

89e0f8d71958e344d1071cab560dd305
SHA1

f106a720d7b80d373bbe84792c53aab491a30924
SHA256

136d4f11ca284be9615ee652f493d2e357d164091029286eee7b3350c2e7d4c3
SHA512

4ae82e52ccb2a20b4781ef906edbfabf030c178b45eafe672f163ae668ce02cd20911f898ab5280bf75b66c241478715236da2edc5864b275504d14e35ec42ad
SSDEEP

49152:SvyI22SsaNYfdPBldt698dBcjHQnhabRjPLoGdtaTHHB72eh2NT:Svf22SsaNYfdPBldt6+dBcjHQnhOT

Score

10^/10

quasar hacked spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Server.exe

Resource

win10v2004-20240508-en

quasar hacked spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Hacked

C2

them-recommended.gl.at.ply.gg:37993

Mutex

145f9813-188a-4b62-ba7f-be07578e5a8f

Attributes

encryption_key
9B76C981C0602003513D6F00F317713EF0E2A660
install_name
Updater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Updater
subdirectory
Update

Targets

- Target
  
  Server.exe
- Size
  
  3.1MB
- MD5
  
  89e0f8d71958e344d1071cab560dd305
- SHA1
  
  f106a720d7b80d373bbe84792c53aab491a30924
- SHA256
  
  136d4f11ca284be9615ee652f493d2e357d164091029286eee7b3350c2e7d4c3
- SHA512
  
  4ae82e52ccb2a20b4781ef906edbfabf030c178b45eafe672f163ae668ce02cd20911f898ab5280bf75b66c241478715236da2edc5864b275504d14e35ec42ad
- SSDEEP
  
  49152:SvyI22SsaNYfdPBldt698dBcjHQnhabRjPLoGdtaTHHB72eh2NT:Svf22SsaNYfdPBldt6+dBcjHQnhOT
Score

10^/10

quasar hacked spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarhackedspywaretrojan

© 2018-2024

Terms | Privacy