quasar | b59ffeb4562b0090788df6d8d7d44e1081396812dcfce083f526a85fdf33fbfe | Triage

Submit
Reports

Overview

overview

Static

static

Builder.exe

windows11-21h2-x64

Sharing

General

Target

Builder.exe
Size

3.3MB
Sample

240622-xqeahavaln
MD5

056f731df3723fe8d545a7c081abed80
SHA1

627c59a9a0b69487e00ce32c5ec92ebd0f5410eb
SHA256

b59ffeb4562b0090788df6d8d7d44e1081396812dcfce083f526a85fdf33fbfe
SHA512

995af0bd764f1c0d9f9a4e83facfaed0901df570ec84f960a3328a6265c4c98399f04a947210a8499a1b8e2ddafb5c893593b1316656405507b14a7361fe6ff3
SSDEEP

49152:UvyI22SsaNYfdPBldt698dBcjHla6YBxf5oGdSTHHB72eh2NTydrJf:Uvf22SsaNYfdPBldt6+dBcjHk6CWdlf

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Builder.exe

Resource

win11-20240508-en

quasar office04 spyware trojan

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.68.67:4782

Mutex

dcb0af0e-4f78-426b-9489-43ea356dc0f7

Attributes

encryption_key
0807120B930C7C14B2B5A7F6550477313E81C7B9
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Builder.exe
- Size
  
  3.3MB
- MD5
  
  056f731df3723fe8d545a7c081abed80
- SHA1
  
  627c59a9a0b69487e00ce32c5ec92ebd0f5410eb
- SHA256
  
  b59ffeb4562b0090788df6d8d7d44e1081396812dcfce083f526a85fdf33fbfe
- SHA512
  
  995af0bd764f1c0d9f9a4e83facfaed0901df570ec84f960a3328a6265c4c98399f04a947210a8499a1b8e2ddafb5c893593b1316656405507b14a7361fe6ff3
- SSDEEP
  
  49152:UvyI22SsaNYfdPBldt698dBcjHla6YBxf5oGdSTHHB72eh2NTydrJf:Uvf22SsaNYfdPBldt6+dBcjHk6CWdlf
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy