quasar | 89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93 | Triage

Submit
Reports

Overview

overview

Static

static

89a07c9aff...cs.exe

windows7-x64

89a07c9aff...cs.exe

windows10-2004-x64

Sharing

General

Target

89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe
Size

341KB
Sample

240629-j7bn2sxapn
MD5

12727d1a8a1cde56fa3715f6ba9ecdb0
SHA1

112ff64a9dfccadd7ae4618dbaf6e537b68a058f
SHA256

89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93
SHA512

8502fafdad4ea9f430c6ce9f51f2686e56a13a9e23cd8cda0d420587ce11631efa076e38aa617e6ee0481331edc5e3954cc96f16b6dc1be33ad75e71cd36a7ef
SSDEEP

6144:ubZJrgLF70h2Jn/9A2LnugnTzTzTFNDMbMIIAZk1AlC4HCf0VVp8:G47gY/OanucQIAq94i8Vr8

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe

Resource

win7-20240508-en

quasar office04 spyware trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

keke78410-60142.portmap.host:60142

Mutex

QSR_MUTEX_cOv6uh77YaEpqR2GFj

Attributes

encryption_key
8vuP81UPGlFDNPdrxBd5
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93_NeikiAnalytics.exe
- Size
  
  341KB
- MD5
  
  12727d1a8a1cde56fa3715f6ba9ecdb0
- SHA1
  
  112ff64a9dfccadd7ae4618dbaf6e537b68a058f
- SHA256
  
  89a07c9afff73c280ae14caed30f2eb2768263c0020b943d352e5424bd993d93
- SHA512
  
  8502fafdad4ea9f430c6ce9f51f2686e56a13a9e23cd8cda0d420587ce11631efa076e38aa617e6ee0481331edc5e3954cc96f16b6dc1be33ad75e71cd36a7ef
- SSDEEP
  
  6144:ubZJrgLF70h2Jn/9A2LnugnTzTzTFNDMbMIIAZk1AlC4HCf0VVp8:G47gY/OanucQIAq94i8Vr8
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy