quasar | 0da69bfe85133738cfcd24c9381baeb0ff3c849b5fa995171407cc4a9ef1626b | Triage

Submit
Reports

Overview

overview

Static

static

1

loader(1).bat

windows11-21h2-x64

Sharing

General

Target

loader(1).bat
Size

6KB
Sample

240630-a7wjsa1bpa
MD5

dd28cb17a1e4540852af1452696640d0
SHA1

d4a954bc2fbae13ad5b0f8f78ea13714a8a00a39
SHA256

0da69bfe85133738cfcd24c9381baeb0ff3c849b5fa995171407cc4a9ef1626b
SHA512

e9ad278709c73dcc0a136de9ab275a4506ef812d530eb27b6620738321261e6f41540c163b2d7d8ed4844df96ecf7970001f561b0f225a71532f13d3896701cd
SSDEEP

192:B+Y+L2cE8Wc/Dz+KH32ywmC4cRpmVZfE1XzHxl/JXhCdyNhA:UE8Wc/DztH32y7C4Qp/lzRl/JXhDNhA

Score

10^/10

quasar office04 execution spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

loader(1).bat

Resource

win11-20240508-en

quasar office04 execution spyware trojan

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

b04ba2ce-b74d-409a-9f5c-bdaffe1644ec

Attributes

encryption_key
3C410D3A0BD1E76F9F4B11AD742F61FAE2E183E6
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  loader(1).bat
- Size
  
  6KB
- MD5
  
  dd28cb17a1e4540852af1452696640d0
- SHA1
  
  d4a954bc2fbae13ad5b0f8f78ea13714a8a00a39
- SHA256
  
  0da69bfe85133738cfcd24c9381baeb0ff3c849b5fa995171407cc4a9ef1626b
- SHA512
  
  e9ad278709c73dcc0a136de9ab275a4506ef812d530eb27b6620738321261e6f41540c163b2d7d8ed4844df96ecf7970001f561b0f225a71532f13d3896701cd
- SSDEEP
  
  192:B+Y+L2cE8Wc/Dz+KH32ywmC4cRpmVZfE1XzHxl/JXhCdyNhA:UE8Wc/DztH32y7C4Qp/lzRl/JXhDNhA
Score

10^/10

quasar office04 execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04executionspywaretrojan

© 2018-2024

Terms | Privacy