quasar | 0b0f5f4a1afe5fc657325c8286e311c4b81a5ce7a516486b36ef7e5980dd120e | Triage

Submit
Reports

Overview

overview

Static

static

DriverInstall.exe

windows11-21h2-x64

Sharing

General

Target

DriverInstall.exe
Size

3.1MB
Sample

240630-rsj1wayhqd
MD5

2428d390c58c3ce2390bf4f6a00f27f2
SHA1

525322b7d43603e80d9d5c062baa9a1c4eb8c66f
SHA256

0b0f5f4a1afe5fc657325c8286e311c4b81a5ce7a516486b36ef7e5980dd120e
SHA512

d0a682e2b529e48b9f28fbef6d56c850c7a21ce03858755b28f4abe7ced2af6337f7b45e83f081faa37627f2e3d8a1dac46c3b75624478ed5f4ab33219e484b6
SSDEEP

49152:GvUt62XlaSFNWPjljiFa2RoUYIi3xh1v4LoGf7mTHHB72eh2NT:GvI62XlaSFNWPjljiFXRoUYIi3xK

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

DriverInstall.exe

Resource

win11-20240419-en

quasar office04 spyware trojan

windows11-21h2-x64

9 signatures

600 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.178.86:4782

Mutex

bcb4ded3-f479-4472-930f-985b13a156fc

Attributes

encryption_key
E65A63C5070648ABDC8CAD5F2CB118AA164CFD24
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Driver.exe
subdirectory
WOW646464

Targets

- Target
  
  DriverInstall.exe
- Size
  
  3.1MB
- MD5
  
  2428d390c58c3ce2390bf4f6a00f27f2
- SHA1
  
  525322b7d43603e80d9d5c062baa9a1c4eb8c66f
- SHA256
  
  0b0f5f4a1afe5fc657325c8286e311c4b81a5ce7a516486b36ef7e5980dd120e
- SHA512
  
  d0a682e2b529e48b9f28fbef6d56c850c7a21ce03858755b28f4abe7ced2af6337f7b45e83f081faa37627f2e3d8a1dac46c3b75624478ed5f4ab33219e484b6
- SSDEEP
  
  49152:GvUt62XlaSFNWPjljiFa2RoUYIi3xh1v4LoGf7mTHHB72eh2NT:GvI62XlaSFNWPjljiFXRoUYIi3xK
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy