quasar | b088c1a59ca35c08c61fcbf4879c025177c1a46d34be546b031d82a478b6291a | Triage

Submit
Reports

Overview

overview

Static

static

smss.exe

windows7-x64

Sharing

General

Target

smss.exe
Size

3.1MB
Sample

240621-hhhkmazenc
MD5

bf04688e0d33e2a1b305c5cfe9dae94d
SHA1

ee3924572b0ae9a0534e1c1e632fca12ea944f73
SHA256

b088c1a59ca35c08c61fcbf4879c025177c1a46d34be546b031d82a478b6291a
SHA512

e4917c80ebf40bcf5ad40c51f38e7c3b74d35be7b9a656c4592fed6d8c4f5b6d3f22eb694d4ecb37f5d5cbe0bf881a4ad3134576244e7d6f7e4655f86d7b29e3
SSDEEP

49152:DvilL26AaNeWgPhlmVqvMQ7XSKNT+ICoGdwaTHHB72eh2NT:DvaL26AaNeWgPhlmVqkQ7XSKNT+j

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

smss.exe

Resource

win7-20240221-en

quasar office04 spyware trojan

windows7-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

carolina-reverse.gl.at.ply.gg:34609

Mutex

255a7afd-a9a3-4b9f-b4bc-647ca1724a1a

Attributes

encryption_key
524892BD8A433CE8E6A342E36737F573CEF5D252
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  smss.exe
- Size
  
  3.1MB
- MD5
  
  bf04688e0d33e2a1b305c5cfe9dae94d
- SHA1
  
  ee3924572b0ae9a0534e1c1e632fca12ea944f73
- SHA256
  
  b088c1a59ca35c08c61fcbf4879c025177c1a46d34be546b031d82a478b6291a
- SHA512
  
  e4917c80ebf40bcf5ad40c51f38e7c3b74d35be7b9a656c4592fed6d8c4f5b6d3f22eb694d4ecb37f5d5cbe0bf881a4ad3134576244e7d6f7e4655f86d7b29e3
- SSDEEP
  
  49152:DvilL26AaNeWgPhlmVqvMQ7XSKNT+ICoGdwaTHHB72eh2NT:DvaL26AaNeWgPhlmVqkQ7XSKNT+j
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy