quasar | 8101bcb9ab9320c0c812fc5b73a04abb20018c7bf5451be56e008e3a053727ab | Triage

Submit
Reports

Overview

overview

Static

static

cipka.exe

windows10-2004-x64

Sharing

General

Target

cipka.exe
Size

3.1MB
Sample

240629-zrznyawdjc
MD5

68cfc044a88d5737918a455410ff84cb
SHA1

1c1d434ec87174709a5ade5d3373fa2381bfcc6b
SHA256

8101bcb9ab9320c0c812fc5b73a04abb20018c7bf5451be56e008e3a053727ab
SHA512

8a6a2a24cd651e7f90c7432b14426420d583fa5ba3a0f8434b7a4d244f33382064e05ada04b36fa064ac3bf5b9521e076269e8d7604a49367b659705b9db98f5
SSDEEP

49152:PvOI22SsaNYfdPBldt698dBcjHUC61JwLoGdRkzTHHB72eh2NT:Pvj22SsaNYfdPBldt6+dBcjHUCrB

Score

10^/10

quasar office04 spyware stealer trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

cipka.exe

Resource

win10v2004-20240611-en

quasar office04 spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

147.185.221.19:33365

Mutex

ba5220e2-c4e8-4381-aad8-a85115ef955e

Attributes

encryption_key
67C139F3E9A16FF8132A3DCF42197B8BA3C38609
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  cipka.exe
- Size
  
  3.1MB
- MD5
  
  68cfc044a88d5737918a455410ff84cb
- SHA1
  
  1c1d434ec87174709a5ade5d3373fa2381bfcc6b
- SHA256
  
  8101bcb9ab9320c0c812fc5b73a04abb20018c7bf5451be56e008e3a053727ab
- SHA512
  
  8a6a2a24cd651e7f90c7432b14426420d583fa5ba3a0f8434b7a4d244f33382064e05ada04b36fa064ac3bf5b9521e076269e8d7604a49367b659705b9db98f5
- SSDEEP
  
  49152:PvOI22SsaNYfdPBldt698dBcjHUC61JwLoGdRkzTHHB72eh2NT:Pvj22SsaNYfdPBldt6+dBcjHUCrB
Score

10^/10

quasar office04 spyware stealer trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywarestealertrojan

© 2018-2024

Terms | Privacy