quasar | f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7 | Triage

Submit
Reports

Overview

overview

Static

static

f8fb11582d...d7.exe

windows7-x64

f8fb11582d...d7.exe

windows10-2004-x64

Sharing

General

Target

f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
Size

3.2MB
Sample

240701-ffb9qawhke
MD5

e9ed2adca7e63a58d0895179fc1e121f
SHA1

ae23767acd8d4a88b7c69d84e4df5f9733653662
SHA256

f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
SHA512

7fc5de0e2d85c85592ff935faa5ffa10e33615c8b2d274d28c322764706c2847ee40a9f15c3867cf278981fe2ac3778cbb9b3bd400f6c4064691f9c7c9ff51b0
SSDEEP

98304:visDo5sRzG+RVgbtHSB2MqlcY+kd4204+N1o:6uRq+8btHSdA/N

Score

10^/10

quasar stereo spyware trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7.exe

Resource

win7-20240221-en

quasar stereo spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7.exe

Resource

win10v2004-20240508-en

quasar stereo spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Stereo

C2

nickhill112-30910.portmap.host:30910

Mutex

c93b672f-8b8c-48b8-a712-e952d64b741a

Attributes

encryption_key
985DB7D034DB1B5D52F524873569DDDE4080F31C
install_name
Stereo.exe
log_directory
Logs
reconnect_delay
3000
startup_key
update.exe
subdirectory
SubDir

Targets

- Target
  
  f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
- Size
  
  3.2MB
- MD5
  
  e9ed2adca7e63a58d0895179fc1e121f
- SHA1
  
  ae23767acd8d4a88b7c69d84e4df5f9733653662
- SHA256
  
  f8fb11582d89eceb099be971266172a0bc9033d350d5343f09436063adfb3ad7
- SHA512
  
  7fc5de0e2d85c85592ff935faa5ffa10e33615c8b2d274d28c322764706c2847ee40a9f15c3867cf278981fe2ac3778cbb9b3bd400f6c4064691f9c7c9ff51b0
- SSDEEP
  
  98304:visDo5sRzG+RVgbtHSB2MqlcY+kd4204+N1o:6uRq+8btHSdA/N
Score

10^/10

quasar stereo spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects .NET executables utilizing NyanX-CAT C# Loader
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarstereospywaretrojan

behavioral2

quasarstereospywaretrojan

© 2018-2024

Terms | Privacy