quasar | eabafc43f60c7a0f9b29358aaf66df5e539eae7da4206e19fca24a7cad16ec22 | Triage

Submit
Reports

Overview

overview

Static

static

1

Uni.bat

windows11-21h2-x64

Sharing

General

Target

Uni.bat
Size

576KB
Sample

240702-vj22wasdqg
MD5

53c25a989659575eda761a7e10e47639
SHA1

3f9dab7caaa8ce9d090c345a45d840ca6d6403bd
SHA256

eabafc43f60c7a0f9b29358aaf66df5e539eae7da4206e19fca24a7cad16ec22
SHA512

596c2d21690b6ff2651d2a49c54d3f3fd0b5c84b2cb201941f76283a7f63000c97a362e8d1bbccedaa8edc31a9423ba5684cf695c8be2de756067bdba518b75d
SSDEEP

12288:NeI/2vRHcJNVJ5F/FKOws8GcYLeRqjaJ9Gx0R6FSXc2:L/68JTF0pSaJ99RGs

Score

10^/10

quasar seroxen execution spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Uni.bat

Resource

win11-20240611-en

quasar seroxen execution spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

15.5.0

Botnet

SeroXen

C2

147.185.221.20:49485

Mutex

QSR_MUTEX_rzhQPLl57DqbMvbZp9

Attributes

encryption_key
uci47GgWZEaymmo5mXad
install_name
Client.exe
log_directory
$sxr-Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Uni.bat
- Size
  
  576KB
- MD5
  
  53c25a989659575eda761a7e10e47639
- SHA1
  
  3f9dab7caaa8ce9d090c345a45d840ca6d6403bd
- SHA256
  
  eabafc43f60c7a0f9b29358aaf66df5e539eae7da4206e19fca24a7cad16ec22
- SHA512
  
  596c2d21690b6ff2651d2a49c54d3f3fd0b5c84b2cb201941f76283a7f63000c97a362e8d1bbccedaa8edc31a9423ba5684cf695c8be2de756067bdba518b75d
- SSDEEP
  
  12288:NeI/2vRHcJNVJ5F/FKOws8GcYLeRqjaJ9Gx0R6FSXc2:L/68JTF0pSaJ99RGs
Score

10^/10

quasar seroxen execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarseroxenexecutionspywaretrojan

© 2018-2024

Terms | Privacy