quasar | 7bf0ba077316040ee76a180ab82b5ebeb7b3f50eb9be8d2e8d7a1b3da8974b15 | Triage

Submit
Reports

Overview

overview

Static

static

3

Loader.exe

windows10-2004-x64

Sharing

General

Target

Loader.exe
Size

9.8MB
Sample

240627-cp8shaxeke
MD5

dd7a3870e3db2dd4bd95fef1be8f8d57
SHA1

d256e208a055db0669a6198c46df9811d2f6c580
SHA256

7bf0ba077316040ee76a180ab82b5ebeb7b3f50eb9be8d2e8d7a1b3da8974b15
SHA512

dfeb7c5fcb89823c2bd8478ba4f8d9b434481689348bd74d39fde5eead2f59f5920822dbe868ea813d877796b4cc2360b9eb65c1a896046c7f7cc1132b92d879
SSDEEP

196608:VayukxarCvuYRMtUZmzV1vDnPdcva1TFxk802JWTQvSqDHwxN98B:Y8oC2YRMtlvDnPivaprk804B

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win10v2004-20240611-en

quasar office04 spyware trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

history-foo.gl.at.ply.gg:42349

Mutex

2beddbf7-c691-4058-94c7-f54389b4a581

Attributes

encryption_key
CBFC5D217E55BEBDCD3A6EFA924299F76BC328D9
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
SubDir

Targets

- Target
  
  Loader.exe
- Size
  
  9.8MB
- MD5
  
  dd7a3870e3db2dd4bd95fef1be8f8d57
- SHA1
  
  d256e208a055db0669a6198c46df9811d2f6c580
- SHA256
  
  7bf0ba077316040ee76a180ab82b5ebeb7b3f50eb9be8d2e8d7a1b3da8974b15
- SHA512
  
  dfeb7c5fcb89823c2bd8478ba4f8d9b434481689348bd74d39fde5eead2f59f5920822dbe868ea813d877796b4cc2360b9eb65c1a896046c7f7cc1132b92d879
- SSDEEP
  
  196608:VayukxarCvuYRMtUZmzV1vDnPdcva1TFxk802JWTQvSqDHwxN98B:Y8oC2YRMtlvDnPivaprk804B
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy