quasar | 12dc2baf687f02a7df0fed338cb08d23f36a4a603ca5f79c4ac4e56a5ba513f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

Client-built2.exe

windows7-x64

Client-built2.exe

windows10-2004-x64

Sharing

General

Target

Client-built2.exe
Size

342KB
Sample

240703-3wg68svapf
MD5

13068ff1db0fbb26129b02afe8567572
SHA1

0fe5b876286049d09c1f4dbf0259c0dac94f1a8a
SHA256

12dc2baf687f02a7df0fed338cb08d23f36a4a603ca5f79c4ac4e56a5ba513f8
SHA512

939594001ac03b07e242cbf9b98067e25eab2684d68b489d702032bfaf941f9ce37d5514cef6d57d856f1e97caf73fa666de6ee1f5604fc95c7ba8169c4cc9a3
SSDEEP

6144:f8CnG6AjVvEdTn4b12eBNwktELSSvllMr2aZn55e45N7m6NiQ+1cuAIfu:f8BIdUbjNvpXr2aTdm6NiXc7f

Score

10^/10

quasar persistence spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Client-built2.exe

Resource

win7-20240419-en

quasar persistence spyware trojan

windows7-x64

11 signatures

30 seconds

Behavioral task

behavioral2

Sample

Client-built2.exe

Resource

win10v2004-20240508-en

quasar persistence spyware trojan

windows10-2004-x64

12 signatures

30 seconds

Malware Config

Targets

- Target
  
  Client-built2.exe
- Size
  
  342KB
- MD5
  
  13068ff1db0fbb26129b02afe8567572
- SHA1
  
  0fe5b876286049d09c1f4dbf0259c0dac94f1a8a
- SHA256
  
  12dc2baf687f02a7df0fed338cb08d23f36a4a603ca5f79c4ac4e56a5ba513f8
- SHA512
  
  939594001ac03b07e242cbf9b98067e25eab2684d68b489d702032bfaf941f9ce37d5514cef6d57d856f1e97caf73fa666de6ee1f5604fc95c7ba8169c4cc9a3
- SSDEEP
  
  6144:f8CnG6AjVvEdTn4b12eBNwktELSSvllMr2aZn55e45N7m6NiQ+1cuAIfu:f8BIdUbjNvpXr2aTdm6NiXc7f
Score

10^/10

quasar persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasarpersistencespywaretrojan

behavioral2

quasarpersistencespywaretrojan

© 2018-2024

Terms | Privacy