quasar | bb2c55fbda1e7da044b43bbe6ed8b371064746f5bbb4b0ad3585e8c1227abd02 | Triage

Submit
Reports

Overview

overview

Static

static

Loader.exe

windows10-1703-x64

Loader.exe

windows10-2004-x64

Sharing

General

Target

Loader.exe
Size

3.1MB
Sample

240622-wqfmwsxglg
MD5

7cf415ae8a6c6be91e8fcd0f2d6534d7
SHA1

c64843774046483a32903e1ec4b033f6c792f07c
SHA256

bb2c55fbda1e7da044b43bbe6ed8b371064746f5bbb4b0ad3585e8c1227abd02
SHA512

9e96e547c9610ba90d6af06584bc23a360f99e936b3895062a2eee77bf78e2bf6a11e7b9d3e826446b921f90205cec481d1d71f1f8be491ba478a89b77178d77
SSDEEP

49152:Ovkt62XlaSFNWPjljiFa2RoUYIZAHJ07Yy5LoGvDTHHB72eh2NT:Ov462XlaSFNWPjljiFXRoUYIZAH8

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win10-20240404-en

quasar office04 spyware trojan

windows10-1703-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Loader.exe

Resource

win10v2004-20240611-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.141:4782

Mutex

c627ff01-20b9-42d1-9f7d-842cfcff3909

Attributes

encryption_key
3FD82075D8A6F76003D5B98222F0DD0458E54B61
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
explorer
subdirectory
SubDir

Targets

- Target
  
  Loader.exe
- Size
  
  3.1MB
- MD5
  
  7cf415ae8a6c6be91e8fcd0f2d6534d7
- SHA1
  
  c64843774046483a32903e1ec4b033f6c792f07c
- SHA256
  
  bb2c55fbda1e7da044b43bbe6ed8b371064746f5bbb4b0ad3585e8c1227abd02
- SHA512
  
  9e96e547c9610ba90d6af06584bc23a360f99e936b3895062a2eee77bf78e2bf6a11e7b9d3e826446b921f90205cec481d1d71f1f8be491ba478a89b77178d77
- SSDEEP
  
  49152:Ovkt62XlaSFNWPjljiFa2RoUYIZAHJ07Yy5LoGvDTHHB72eh2NT:Ov462XlaSFNWPjljiFXRoUYIZAH8
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy