Resubmissions

  • 30-06-2024 20:33    240630-zb2tcsxhrk    7

  • 30-06-2024 20:26    240630-y78q4svarb    10

  • 30-06-2024 20:25    240630-y7p9rsxgjm    1

General

  • Target

    https://github.com/Excalisz/Shadow-Grabber-

  • Sample

    240630-y78q4svarb

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v2.2.6 | Tinsler

C2

throbbing-mountain-09011.pktriot.net:22112

167.71.56.116:22112

throbbing-mountain-09011.pktriot.net:5050

Mutex

cf16a257-7d89-4296-8384-8fca3dbb568f

Attributes
  • encryption_key

    045F98A287DD47B8B5C074D234995A2C5A913042

  • install_name

    .exe

  • log_directory

    $sxr-Logs

  • reconnect_delay

    1000

Targets

    • Target

      https://github.com/Excalisz/Shadow-Grabber-

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                        Count  ID
Defense Evasion       Hide Artifacts                   2      T1564
                      Hidden Files and Directories     1      T1564.001
                      Hidden Window                    1      T1564.003
                      Modify Registry                  1      T1112
Discovery             System Information Discovery     3      T1082
                      Query Registry                   3      T1012
                      Remote System Discovery          1      T1018
Command and Control   Web Service                      1      T1102

Tasks