quasar | e387a6be7c1369e5f61c5594955ece0eaf5e2a3ab8c55eb0943524de23ea5b13 | Triage

Submit
Reports

Overview

overview

Static

static

frehtgjtyujtyhtyj.exe

windows7-x64

frehtgjtyujtyhtyj.exe

windows10-2004-x64

Sharing

General

Target

frehtgjtyujtyhtyj.exe
Size

3.1MB
Sample

240613-d88saawgqr
MD5

c4bcdf41ff03011cc03d14b924447225
SHA1

e0f8951c64c77531b383bcdf3b84e2d6b41b70a2
SHA256

e387a6be7c1369e5f61c5594955ece0eaf5e2a3ab8c55eb0943524de23ea5b13
SHA512

49bfd746a0db00bb404f252bc80ee1fcbe535a9c9e8138c9f05d4177f3a1cae126a1f0e7272a5e4b234000014fb820f5da946a05d60e53c4722a8dce307e3c1c
SSDEEP

49152:Nv/t62XlaSFNWPjljiFa2RoUYIMtmWmKoGdITHHB72eh2NT:NvV62XlaSFNWPjljiFXRoUYIMtmWF

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

frehtgjtyujtyhtyj.exe

Resource

win7-20240508-en

quasar office04 spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

frehtgjtyujtyhtyj.exe

Resource

win10v2004-20240508-en

quasar office04 spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

money-yields.gl.at.ply.gg:7415

Mutex

f357cd9d-0193-4baa-a4ab-a8ecc081cc4a

Attributes

encryption_key
E1BD3EC68D46CE94607738B70CCE811ABD63A3D7
install_name
YAYAY.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
SubDir

Targets

- Target
  
  frehtgjtyujtyhtyj.exe
- Size
  
  3.1MB
- MD5
  
  c4bcdf41ff03011cc03d14b924447225
- SHA1
  
  e0f8951c64c77531b383bcdf3b84e2d6b41b70a2
- SHA256
  
  e387a6be7c1369e5f61c5594955ece0eaf5e2a3ab8c55eb0943524de23ea5b13
- SHA512
  
  49bfd746a0db00bb404f252bc80ee1fcbe535a9c9e8138c9f05d4177f3a1cae126a1f0e7272a5e4b234000014fb820f5da946a05d60e53c4722a8dce307e3c1c
- SSDEEP
  
  49152:Nv/t62XlaSFNWPjljiFa2RoUYIMtmWmKoGdITHHB72eh2NT:NvV62XlaSFNWPjljiFXRoUYIMtmWF
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy