quasar | 4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c | Triage

Submit
Reports

Overview

overview

Static

static

4833f6e7b2...3c.exe

windows7-x64

4833f6e7b2...3c.exe

windows10-2004-x64

Sharing

General

Target

4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe
Size

3.1MB
Sample

240617-bg88maxbpa
MD5

35dea5908c411c55232760a766992b4d
SHA1

803e87e294445707b2480e0f6eeb21990be7522e
SHA256

4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c
SHA512

37f37e706d7ba27a00d06f5d30ba881b3cf606a74b0472a404e76acad17e446cf22bdcddbe5b79fa73f457302c028aca46e971a97543d3d1784c2393bff91631
SSDEEP

49152:DvrI22SsaNYfdPBldt698dBcjHCdHLoGdgTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHCdr

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

6 signatures

Behavioral task

behavioral1

Sample

4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe

Resource

win7-20240508-en

quasar office04 spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe

Resource

win10v2004-20240508-en

quasar office04 spyware trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

hvhkcutuoujbobu672-22209.portmap.host:22209

Mutex

979a24d1-1ef3-4416-baf8-bf96d2280aed

Attributes

encryption_key
E634ECEC5FEC379E441CB9B04C771BAC550131B0
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
service 32
subdirectory
SubDir

Targets

- Target
  
  4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c.exe
- Size
  
  3.1MB
- MD5
  
  35dea5908c411c55232760a766992b4d
- SHA1
  
  803e87e294445707b2480e0f6eeb21990be7522e
- SHA256
  
  4833f6e7b2beb3821ccd544a936f3d6db6403ee58c05038f15f2d1544f2acd3c
- SHA512
  
  37f37e706d7ba27a00d06f5d30ba881b3cf606a74b0472a404e76acad17e446cf22bdcddbe5b79fa73f457302c028aca46e971a97543d3d1784c2393bff91631
- SSDEEP
  
  49152:DvrI22SsaNYfdPBldt698dBcjHCdHLoGdgTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHCdr
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy