quasar | f0e2c81a913c45b22e544dae28407eb6634751700c200fc889a39dd422e42a28 | Triage

Submit
Reports

Overview

overview

Static

static

3

1e45289ae6...18.exe

windows7-x64

1

1e45289ae6...18.exe

windows10-2004-x64

Sharing

General

Target

1e45289ae6c35927fd465a8dc4259709_JaffaCakes118
Size

2.9MB
Sample

240702-gy9hlstcqj
MD5

1e45289ae6c35927fd465a8dc4259709
SHA1

949cb73c2b7d22bf4098ca923b8721f868bf5542
SHA256

f0e2c81a913c45b22e544dae28407eb6634751700c200fc889a39dd422e42a28
SHA512

e0e6194df6817431c9e3e28ad38325c2b2c695e8ba22850ef46c77e5180efa3592690dac2838d988b7f8e91a651326b5b247ece0957df530f28c0998781b312e
SSDEEP

49152:GNapUSKPQktseYQmOzkfO5/mFZfwjzBF/FCRGKPYufONsabCUHeze9/K:g4USK3igb5/mbwXfwGKGN3e69

Score

10^/10

quasar smart2 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e45289ae6c35927fd465a8dc4259709_JaffaCakes118.exe

Resource

win7-20240611-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e45289ae6c35927fd465a8dc4259709_JaffaCakes118.exe

Resource

win10v2004-20240611-en

quasar smart2 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

SMART2

C2

vpnnid.hopto.org:4783

Mutex

3480c736-2dc5-454c-9fb1-5a26a450ce30

Attributes

encryption_key
C390E62881F25347C39CDE51024A9C687D49675F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  1e45289ae6c35927fd465a8dc4259709_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  1e45289ae6c35927fd465a8dc4259709
- SHA1
  
  949cb73c2b7d22bf4098ca923b8721f868bf5542
- SHA256
  
  f0e2c81a913c45b22e544dae28407eb6634751700c200fc889a39dd422e42a28
- SHA512
  
  e0e6194df6817431c9e3e28ad38325c2b2c695e8ba22850ef46c77e5180efa3592690dac2838d988b7f8e91a651326b5b247ece0957df530f28c0998781b312e
- SSDEEP
  
  49152:GNapUSKPQktseYQmOzkfO5/mFZfwjzBF/FCRGKPYufONsabCUHeze9/K:g4USK3igb5/mbwXfwGKGN3e69
Score

10^/10

quasar smart2 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

quasarsmart2spywaretrojan

© 2018-2024

Terms | Privacy