Overview

overview

10

Static

static

1

loader.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader.bat

  • Size

    2KB

  • Sample

    240629-2cl6eaxhla

  • MD5

    337cfcf36634c573c615b9d86ac21a8b

  • SHA1

    c840474cd8f10bfa82165f21f97359ac29cb06fb

  • SHA256

    2e1e7479498f263156ce8f1a4d5760cf35a28f3e102b652e2dcc15ce60cdaf89

  • SHA512

    3c454364f5841bc6c87a96f70179620a717e8baeec83ce3e7f04d46be1d65c84281c5a634c136585a3b33e0321c515559961482a33cdcdf0fbee7a539f7b4a01

Score
10/10
quasaroffice04executionspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

b04ba2ce-b74d-409a-9f5c-bdaffe1644ec

Attributes
  • encryption_key

    3C410D3A0BD1E76F9F4B11AD742F61FAE2E183E6

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      loader.bat

    • Size

      2KB

    • MD5

      337cfcf36634c573c615b9d86ac21a8b

    • SHA1

      c840474cd8f10bfa82165f21f97359ac29cb06fb

    • SHA256

      2e1e7479498f263156ce8f1a4d5760cf35a28f3e102b652e2dcc15ce60cdaf89

    • SHA512

      3c454364f5841bc6c87a96f70179620a717e8baeec83ce3e7f04d46be1d65c84281c5a634c136585a3b33e0321c515559961482a33cdcdf0fbee7a539f7b4a01

    Score
    10/10
    quasaroffice04executionspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Blocklisted process makes network request

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks