quasar | 371530ba596376ff7fd76425f681d102ab2d171675620070035cbb0e1d1a0516 | Triage

Submit
Reports

Overview

overview

Static

static

Cyber-Secu...D).exe

windows10-2004-x64

Sharing

General

Target

Cyber-Security Nuker (UPDATED).exe
Size

3.1MB
Sample

240623-zpbt4a1ene
MD5

ac73e69fc419907a58784fd50471168d
SHA1

c936621828f889a8123f6057eb66fc38ebd6f293
SHA256

371530ba596376ff7fd76425f681d102ab2d171675620070035cbb0e1d1a0516
SHA512

74416db9fef10e50ab5acae785fbd005ecf16ce94022eb8a7d18d3f1bfc23242e7b5a180d6ff825281ae64fc1df513040ac87be7cb79060df96ca609e78b030e
SSDEEP

49152:rvyI22SsaNYfdPBldt698dBcjHbdIR9karHNoGdjKTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHC97

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Cyber-Security Nuker (UPDATED).exe

Resource

win10v2004-20240611-en

quasar office04 spyware trojan

windows10-2004-x64

12 signatures

600 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.68.67:4782

Mutex

dcb0af0e-4f78-426b-9489-43ea356dc0f7

Attributes

encryption_key
0807120B930C7C14B2B5A7F6550477313E81C7B9
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Cyber-Security Nuker (UPDATED).exe
- Size
  
  3.1MB
- MD5
  
  ac73e69fc419907a58784fd50471168d
- SHA1
  
  c936621828f889a8123f6057eb66fc38ebd6f293
- SHA256
  
  371530ba596376ff7fd76425f681d102ab2d171675620070035cbb0e1d1a0516
- SHA512
  
  74416db9fef10e50ab5acae785fbd005ecf16ce94022eb8a7d18d3f1bfc23242e7b5a180d6ff825281ae64fc1df513040ac87be7cb79060df96ca609e78b030e
- SSDEEP
  
  49152:rvyI22SsaNYfdPBldt698dBcjHbdIR9karHNoGdjKTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHC97
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy