quasar | f804bfcdfac2e6073dec8bf16d5665ce74bc45aafcd91603d0f540612a247268 | Triage

Submit
Reports

Overview

overview

Static

static

dfsdf.exe

windows10-2004-x64

Sharing

General

Target

dfsdf.exe
Size

3.1MB
Sample

240613-kvbzqa1hrh
MD5

44aaa2c8fd4f8705bed96d6e4cf0ab85
SHA1

2ab7832577f3407c85da9fa894b7cd16f346003d
SHA256

f804bfcdfac2e6073dec8bf16d5665ce74bc45aafcd91603d0f540612a247268
SHA512

9734659ceb894941e7fce2760d46ca2019bd5a2a26f164a16c0dc0695fb42ae9161093843a4bc78dd46205f90d1692436e8580392d11180bf1792ab486cc6ae6
SSDEEP

49152:7vElL26AaNeWgPhlmVqvMQ7XSKnCn1J6eoGdSoTHHB72eh2NT:7vkL26AaNeWgPhlmVqkQ7XSKnCx

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

dfsdf.exe

Resource

win10v2004-20240611-en

quasar office04 spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

nexosmith1231-54169.portmap.host:54169

Mutex

607f231f-37d7-40a6-8790-f623e2b7c3d5

Attributes

encryption_key
57AD3106034C3A8FFC913D430F88F63E17B5BC5D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  dfsdf.exe
- Size
  
  3.1MB
- MD5
  
  44aaa2c8fd4f8705bed96d6e4cf0ab85
- SHA1
  
  2ab7832577f3407c85da9fa894b7cd16f346003d
- SHA256
  
  f804bfcdfac2e6073dec8bf16d5665ce74bc45aafcd91603d0f540612a247268
- SHA512
  
  9734659ceb894941e7fce2760d46ca2019bd5a2a26f164a16c0dc0695fb42ae9161093843a4bc78dd46205f90d1692436e8580392d11180bf1792ab486cc6ae6
- SSDEEP
  
  49152:7vElL26AaNeWgPhlmVqvMQ7XSKnCn1J6eoGdSoTHHB72eh2NT:7vkL26AaNeWgPhlmVqkQ7XSKnCx
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy