quasar | f0ee02f93d715a6dbc3f16bfe075c7617a0c69049fbae0959c3d5797d4a999a1 | Triage

Submit
Reports

Overview

overview

Static

static

a451e748bc...f6.exe

windows7-x64

a451e748bc...f6.exe

windows10-2004-x64

Sharing

General

Target

3a52e34c074990eee6ed67e3237c4c9c.bin
Size

1.2MB
Sample

240625-cbdefaxgjk
MD5

d4b991f98342b192e0aaa81ef8f92e6e
SHA1

0a5ed09dceb56c82ef31aaee8c16465f8cfe4c3b
SHA256

f0ee02f93d715a6dbc3f16bfe075c7617a0c69049fbae0959c3d5797d4a999a1
SHA512

9c72c23f4aaca77e67297c0fb186b6e636bcb6c44e22ffd0013655b29237c4f626f6081797e50e591064996054ba14132651a5ea9b8f1c449be5dfb9dbd439d7
SSDEEP

24576:isR/KnG+XDQ03KgQdr74Zs9N7r+JeoRaNxEhZ/dKlD4tk8YJVG5h3CaYQd6QdNv6:iq/KnFDQCo2s9N7XWKEhhwlWNwgNCaYJ

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6.exe

Resource

win7-20240419-en

quasar office04 spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6.exe

Resource

win10v2004-20240508-en

quasar office04 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

94.228.166.40:4782

Mutex

172a89d7-b9b2-4d82-b5ed-6beb5326f544

Attributes

encryption_key
7970C2029EDBB83E6BD65073BE18684AC9FF3F48
install_name
KR6nDu9fLhop1bFe.exe
log_directory
Logs
reconnect_delay
3000
startup_key
defender.proces
subdirectory
SubDir

Targets

- Target
  
  a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6.exe
- Size
  
  3.1MB
- MD5
  
  3a52e34c074990eee6ed67e3237c4c9c
- SHA1
  
  b7df84535c4d8002cdd7675866617cf9884455c6
- SHA256
  
  a451e748bc1e4c05bdaa722b35a5f6dd1a78765ac8967187a61b846f819c8bf6
- SHA512
  
  1553aa7e90b404f715c9b025937da6a4941fd287de9a69afe52e970731c48b3a6e62ae898a4e16164fa57e20183ff86999b37c7ff9c9f77fa0a85bce3916b19c
- SSDEEP
  
  49152:MvHI22SsaNYfdPBldt698dBcjHuZvgGoGnVvTHHB72eh2NT:Mvo22SsaNYfdPBldt6+dBcjHuZvF
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy