quasar | 65914f9dcfa1f7e81859a9e042ee84b549bde879180d4eea3eb7fe4f50b73097 | Triage

Submit
Reports

Overview

overview

Static

static

Remote.exe

windows11-21h2-x64

Sharing

General

Target

Remote.exe
Size

3.1MB
Sample

240630-vwdj2svbpn
MD5

875d3550ed90decbd5188e1d2cc961c0
SHA1

b067c399f32873bfb4d16524a87d17196c6a070b
SHA256

65914f9dcfa1f7e81859a9e042ee84b549bde879180d4eea3eb7fe4f50b73097
SHA512

c7799194bbebba17ce32765416ed75a996a29c9694191e6cc89966fa10a9675cafef26867320fabfbb21a851f4ee261b99b260aa0c4f5ee359fcd128a71c13fa
SSDEEP

49152:HviI22SsaNYfdPBldt698dBcjHEKRJ6zbR3LoGdqTHHB72eh2NT:Hvv22SsaNYfdPBldt6+dBcjHEKRJ6l

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Remote.exe

Resource

win11-20240419-en

quasar office04 spyware trojan

windows11-21h2-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.150:4782

Mutex

adc301f6-35ca-4636-b286-ad2aef63f877

Attributes

encryption_key
54B7AB1A151267275EF24D335CE7E3B6ABDDC53E
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Updater Services
subdirectory
SubDir

Targets

- Target
  
  Remote.exe
- Size
  
  3.1MB
- MD5
  
  875d3550ed90decbd5188e1d2cc961c0
- SHA1
  
  b067c399f32873bfb4d16524a87d17196c6a070b
- SHA256
  
  65914f9dcfa1f7e81859a9e042ee84b549bde879180d4eea3eb7fe4f50b73097
- SHA512
  
  c7799194bbebba17ce32765416ed75a996a29c9694191e6cc89966fa10a9675cafef26867320fabfbb21a851f4ee261b99b260aa0c4f5ee359fcd128a71c13fa
- SSDEEP
  
  49152:HviI22SsaNYfdPBldt698dBcjHEKRJ6zbR3LoGdqTHHB72eh2NT:Hvv22SsaNYfdPBldt6+dBcjHEKRJ6l
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy