quasar | 1b586bfe3423ef03ecba497e90fd31b42022dd8e1f325e212c1e23cc58ba7be7 | Triage

Submit
Reports

Overview

overview

Static

static

AA5DA5D211...1F.exe

windows7-x64

AA5DA5D211...1F.exe

windows10-2004-x64

Sharing

General

Target

AA5DA5D211DD6B3C5E9404520EBEEC1F.exe
Size

3.1MB
Sample

240625-kpavgasfqm
MD5

aa5da5d211dd6b3c5e9404520ebeec1f
SHA1

037e6d5fa8398a3f95df469d60debe6fc8c93f89
SHA256

1b586bfe3423ef03ecba497e90fd31b42022dd8e1f325e212c1e23cc58ba7be7
SHA512

9a02a50c2534ece296d183bd712f8be240f4e5d989842656e28392af41036d29dc30cf205fe3526b980a480c54c3d9a4de7f5ef35103dec2d29fb513d2e83b72
SSDEEP

49152:PvSI22SsaNYfdPBldt698dBcjHod/oKT2fOTmZPKoGANtTHHB72eh2NT:Pv/22SsaNYfdPBldt6+dBcjHE/oKDg

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

AA5DA5D211DD6B3C5E9404520EBEEC1F.exe

Resource

win7-20240508-en

quasar office04 spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

AA5DA5D211DD6B3C5E9404520EBEEC1F.exe

Resource

win10v2004-20240611-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

91.92.242.80:4782

Mutex

e88cd5c3-d3f7-4cbb-94a7-7136e3bc6ab9

Attributes

encryption_key
B1F363CB165B4ADD4702FD386A0A1054BFED678C
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows.Update
subdirectory
Update

Targets

- Target
  
  AA5DA5D211DD6B3C5E9404520EBEEC1F.exe
- Size
  
  3.1MB
- MD5
  
  aa5da5d211dd6b3c5e9404520ebeec1f
- SHA1
  
  037e6d5fa8398a3f95df469d60debe6fc8c93f89
- SHA256
  
  1b586bfe3423ef03ecba497e90fd31b42022dd8e1f325e212c1e23cc58ba7be7
- SHA512
  
  9a02a50c2534ece296d183bd712f8be240f4e5d989842656e28392af41036d29dc30cf205fe3526b980a480c54c3d9a4de7f5ef35103dec2d29fb513d2e83b72
- SSDEEP
  
  49152:PvSI22SsaNYfdPBldt698dBcjHod/oKT2fOTmZPKoGANtTHHB72eh2NT:Pv/22SsaNYfdPBldt6+dBcjHE/oKDg
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy