Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240614-nccebasarn

  • MD5

    f4b998836fb1b6c39db4595d5c84f695

  • SHA1

    4f16db34da13190ca66c425f41611d4feec2ad5a

  • SHA256

    40f98d7fbfe7b67d42dd7283eac6a78772d11fd15b7417ad87668ede8b720d10

  • SHA512

    40e742bc94e39dfecfb3a345b7e2cb79d95e5055bac8041618b440b2ca0a179f2b7be78ac428a162ceda7e0ad1ecd176558735728e4fd5142b189a7ccbd927c8

  • SSDEEP

    98304:SvI22SsaNYfdPBldt6+dBcjHxdfiMuwrR:Ud7jRdZuwrR

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.61:4782

Mutex

0e842667-4449-4827-a1df-8a7b226ad226

Attributes
  • encryption_key

    BC40E9AA01DDEF86F859374E48D80D397A6EB8D3

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      f4b998836fb1b6c39db4595d5c84f695

    • SHA1

      4f16db34da13190ca66c425f41611d4feec2ad5a

    • SHA256

      40f98d7fbfe7b67d42dd7283eac6a78772d11fd15b7417ad87668ede8b720d10

    • SHA512

      40e742bc94e39dfecfb3a345b7e2cb79d95e5055bac8041618b440b2ca0a179f2b7be78ac428a162ceda7e0ad1ecd176558735728e4fd5142b189a7ccbd927c8

    • SSDEEP

      98304:SvI22SsaNYfdPBldt6+dBcjHxdfiMuwrR:Ud7jRdZuwrR

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks