quasar | f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4 | Triage

Submit
Reports

Overview

overview

Static

static

3

f8e9936d8d...f4.exe

windows7-x64

1

f8e9936d8d...f4.exe

windows10-2004-x64

Sharing

General

Target

f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4
Size

360KB
Sample

240628-mhyn3avara
MD5

0d347ef94018fa95cb30820ce61f0d45
SHA1

ac953981f20f323b3a6148951dbc441608bdf5b9
SHA256

f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4
SHA512

43db5307590fffd7cb5e9f8f36e9a9785054f6186cc001f00de10e1c60e7a766a74967d90e69764105283a6a0d6bdb0d81b3b4a231058defe925d5b7a6ab6ea0
SSDEEP

6144:7jeBu0ndSdYCX6+9E8KgmYWfcpJuaeMBaYSi+neTg23J+y:7cndSdYY6+9E8KgmYWfsJEy

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4.exe

Resource

win10v2004-20240508-en

quasar office04 spyware trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

b04ba2ce-b74d-409a-9f5c-bdaffe1644ec

Attributes

encryption_key
3C410D3A0BD1E76F9F4B11AD742F61FAE2E183E6
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4
- Size
  
  360KB
- MD5
  
  0d347ef94018fa95cb30820ce61f0d45
- SHA1
  
  ac953981f20f323b3a6148951dbc441608bdf5b9
- SHA256
  
  f8e9936d8d5c19cc1eecf7175004f5223355d598e4834cb07cf2d03e0ae7aff4
- SHA512
  
  43db5307590fffd7cb5e9f8f36e9a9785054f6186cc001f00de10e1c60e7a766a74967d90e69764105283a6a0d6bdb0d81b3b4a231058defe925d5b7a6ab6ea0
- SSDEEP
  
  6144:7jeBu0ndSdYCX6+9E8KgmYWfcpJuaeMBaYSi+neTg23J+y:7cndSdYY6+9E8KgmYWfsJEy
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy