quasar | hxxps://pcapi-server[.]com/download/Zhuriken[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://pcapi-server...

windows10-1703-x64

https://pcapi-server...

windows10-2004-x64

https://pcapi-server...

windows11-21h2-x64

Sharing

General

Target

https://pcapi-server.com/download/Zhuriken.exe
Sample

240703-qyknxsyhrb

Score

10^/10

quasar office04 evasion execution spyware trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://pcapi-server.com/download/Zhuriken.exe

Resource

win10-20240404-en

quasar office04 evasion execution spyware trojan

windows10-1703-x64

18 signatures

300 seconds

Behavioral task

behavioral2

Sample

https://pcapi-server.com/download/Zhuriken.exe

Resource

win10v2004-20240611-en

quasar office04 evasion execution spyware trojan

windows10-2004-x64

18 signatures

300 seconds

Behavioral task

behavioral3

Sample

https://pcapi-server.com/download/Zhuriken.exe

Resource

win11-20240508-en

quasar office04 evasion execution spyware trojan

windows11-21h2-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

91.92.253.215:4782

Mutex

4304b988-116c-4522-ab83-7f9ad875f60f

Attributes

encryption_key
A6B8B9B9B02FC86103A59CE003D7B3B45DAF8550
install_name
Client.exe
log_directory
ZhurikenLogs
reconnect_delay
3000
startup_key
Zhuriken Client Startup
subdirectory
SubDir

Targets

- Target
  
  https://pcapi-server.com/download/Zhuriken.exe
Score

10^/10

quasar office04 evasion execution spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- UAC bypass
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

quasaroffice04evasionexecutionspywaretrojan

behavioral2

quasaroffice04evasionexecutionspywaretrojan

behavioral3

quasaroffice04evasionexecutionspywaretrojan

© 2018-2024

Terms | Privacy