quasar | 6bc733f11af6d7dce26816caa4e0bfba8f72db07c997b043619186a2e85589ed | Triage

Submit
Reports

Overview

overview

Static

static

Client-Built.exe

windows11-21h2-x64

Sharing

General

Target

Client-Built.exe
Size

3.1MB
Sample

240630-vx364a1ejg
MD5

a83d80a0db9a509be7acfa3c7ba9a066
SHA1

6e3c59fc948ae86e8d2d38e42b232e397f40bc48
SHA256

6bc733f11af6d7dce26816caa4e0bfba8f72db07c997b043619186a2e85589ed
SHA512

eaef06a27315caf66127a0024831444ba85c621f50b73ba31c105fc0987902214226c83fbec005de3c0603d0bfff00516a44d63a64cd4301abb3fc2967bd1c99
SSDEEP

49152:bvzlL26AaNeWgPhlmVqvMQ7XSKmAu4WDfR9YoGdfTrNGTHHB72eh2NT:bvpL26AaNeWgPhlmVqkQ7XSKmf4jv

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-Built.exe

Resource

win11-20240508-en

quasar office04 spyware trojan

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.177:4782

Mutex

fd713a2a-810e-4800-b077-4b0e564f16e9

Attributes

encryption_key
6B559FBA33993D944FD324F1D59D7F6E5BD04C2E
install_name
WaveKeysGenrator.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
RATS

Targets

- Target
  
  Client-Built.exe
- Size
  
  3.1MB
- MD5
  
  a83d80a0db9a509be7acfa3c7ba9a066
- SHA1
  
  6e3c59fc948ae86e8d2d38e42b232e397f40bc48
- SHA256
  
  6bc733f11af6d7dce26816caa4e0bfba8f72db07c997b043619186a2e85589ed
- SHA512
  
  eaef06a27315caf66127a0024831444ba85c621f50b73ba31c105fc0987902214226c83fbec005de3c0603d0bfff00516a44d63a64cd4301abb3fc2967bd1c99
- SSDEEP
  
  49152:bvzlL26AaNeWgPhlmVqvMQ7XSKmAu4WDfR9YoGdfTrNGTHHB72eh2NT:bvpL26AaNeWgPhlmVqkQ7XSKmf4jv
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy