quasar | 0dfb26997cbb3504d382426b12fdf19b0a933520cb3a46035924381b298968fd | Triage

Submit
Reports

Overview

overview

Static

static

164e19d48c...3f.exe

windows7-x64

164e19d48c...3f.exe

windows10-2004-x64

Sharing

General

Target

1b27e622f4edbbdd8fc93a0d1c129607.bin
Size

1.2MB
Sample

240620-bllm5azhqa
MD5

d2535e9cb08f9ca169bdec719f66b917
SHA1

931f64a688d24560b6597e3037bcd3a1b1294810
SHA256

0dfb26997cbb3504d382426b12fdf19b0a933520cb3a46035924381b298968fd
SHA512

3173bb62691521ae59d65d5f729013e7f135e6b10e2c1ee534d9f3f619fe5220f4635b185c7d202612d005d18857c8025a255ee91f84a45ec3276add4224d10b
SSDEEP

24576:sAGSmvJ7JxMiEOeDF1wMkjTdSAWvWvyZWoerW84vzzHJgj:s57JxJKrwMaTdSAUIoeVgzHJK

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

164e19d48c8d3ed423d4d4c68dff47899f375b6ef4f2a27005562e16b3a8d33f.exe

Resource

win7-20240508-en

quasar office04 spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

164e19d48c8d3ed423d4d4c68dff47899f375b6ef4f2a27005562e16b3a8d33f.exe

Resource

win10v2004-20240508-en

quasar office04 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

94.228.166.40:4782

Mutex

172a89d7-b9b2-4d82-b5ed-6beb5326f544

Attributes

encryption_key
7970C2029EDBB83E6BD65073BE18684AC9FF3F48
install_name
KR6nDu9fLhop1bFe.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Defender.proces
subdirectory
SubDir

Targets

- Target
  
  164e19d48c8d3ed423d4d4c68dff47899f375b6ef4f2a27005562e16b3a8d33f.exe
- Size
  
  3.1MB
- MD5
  
  1b27e622f4edbbdd8fc93a0d1c129607
- SHA1
  
  3e7b42dd10c01f632f158cc96701f6ba49ebec48
- SHA256
  
  164e19d48c8d3ed423d4d4c68dff47899f375b6ef4f2a27005562e16b3a8d33f
- SHA512
  
  bd6d609019f06649db920244a91ef5a2f105ea81055cdd53df72e737e1aae75b340060f45cb56383d201c154591a0a297fd69e1d09c5239b96ea5765a823ef5c
- SSDEEP
  
  49152:kvHI22SsaNYfdPBldt698dBcjHn30LdBhJo2d/UTHHB72eh2NT:kvo22SsaNYfdPBldt6+dBcjH30nv
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy