quasar | 5605c73c546e1dc58135d9f966e449d4acf0e791f4095989f4b746522e726f27 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240627-18pqqstgqb
MD5

dc2017d875a294af1881e553b11b8717
SHA1

40b4ab857db967b61d4708943f157f248c49b844
SHA256

5605c73c546e1dc58135d9f966e449d4acf0e791f4095989f4b746522e726f27
SHA512

faf2982b82dade07c2c88425bdc8f77ee4ee6e28d850f612db7e370547afd2c6337b6cc5b0087685a199e1e83d6666fcaae0109aa89bf6ea4ca2d150b9972262
SSDEEP

49152:PvEt62XlaSFNWPjljiFa2RoUYIkdyRfDKoGdf+THHB72eh2NT:PvY62XlaSFNWPjljiFXRoUYIkdyRfm

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20240508-en

quasar office04 spyware trojan

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

0.tcp.eu.ngrok.io:12165

Mutex

fbfe2df1-f4ca-4d07-920f-4075f27bc8a1

Attributes

encryption_key
B22432E943AA88394E5F97387369DCA7D8B67608
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
system 32
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  dc2017d875a294af1881e553b11b8717
- SHA1
  
  40b4ab857db967b61d4708943f157f248c49b844
- SHA256
  
  5605c73c546e1dc58135d9f966e449d4acf0e791f4095989f4b746522e726f27
- SHA512
  
  faf2982b82dade07c2c88425bdc8f77ee4ee6e28d850f612db7e370547afd2c6337b6cc5b0087685a199e1e83d6666fcaae0109aa89bf6ea4ca2d150b9972262
- SSDEEP
  
  49152:PvEt62XlaSFNWPjljiFa2RoUYIkdyRfDKoGdf+THHB72eh2NT:PvY62XlaSFNWPjljiFXRoUYIkdyRfm
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy