quasar | 72d2aedd7b7d74faee7b632bc3cbbd8c0c3be4f9ffb61601c7a779e5a7f1052e | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240702-b48klssajb
MD5

e55e15bea243fd9bba10a445fa3441ae
SHA1

4d2f04eb3cd2169652ae28ea02db2aaa8ee1123a
SHA256

72d2aedd7b7d74faee7b632bc3cbbd8c0c3be4f9ffb61601c7a779e5a7f1052e
SHA512

18ac9230fc33a8fa18e0270cf6ea6f68f034dfe15d97a6ac7fc59591f8c7ff05e2014d843ca8c8d0e20345219b491a862dd7900cdf44466cff4f4f862d69c6c2
SSDEEP

49152:yvOI22SsaNYfdPBldt698dBcjHqkFAfdRoGd7MTHHB72eh2NT:yvj22SsaNYfdPBldt6+dBcjHqFff

Score

10^/10

quasar solara spyware trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240221-en

quasar solara spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240611-en

quasar solara spyware trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Solara

C2

DESKTOP-JVK5CI7:4782

Mutex

39c5c45c-62a0-4623-a904-5cbad2aa6b55

Attributes

encryption_key
41AD0502F025DD3F47720DC4BDEED540F3EAFD12
install_name
securekerneI.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  e55e15bea243fd9bba10a445fa3441ae
- SHA1
  
  4d2f04eb3cd2169652ae28ea02db2aaa8ee1123a
- SHA256
  
  72d2aedd7b7d74faee7b632bc3cbbd8c0c3be4f9ffb61601c7a779e5a7f1052e
- SHA512
  
  18ac9230fc33a8fa18e0270cf6ea6f68f034dfe15d97a6ac7fc59591f8c7ff05e2014d843ca8c8d0e20345219b491a862dd7900cdf44466cff4f4f862d69c6c2
- SSDEEP
  
  49152:yvOI22SsaNYfdPBldt698dBcjHqkFAfdRoGd7MTHHB72eh2NT:yvj22SsaNYfdPBldt6+dBcjHqFff
Score

10^/10

quasar solara spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarsolaraspywaretrojan

behavioral2

quasarsolaraspywaretrojan

© 2018-2024

Terms | Privacy