quasar | 21a458f98a08c49906ddeb20fb058350419d8cab506f20408d57db41afbb4d59 | Triage

Submit
Reports

Overview

overview

Static

static

3

Client-built..exe

windows11-21h2-x64

Sharing

General

Target

Client-built..exe
Size

1.4MB
Sample

240705-p7rcds1elc
MD5

f5c2be73823ebb66785a83768e52e980
SHA1

41fe86f34561783ea286d9cb5cf5310d3996c6d8
SHA256

21a458f98a08c49906ddeb20fb058350419d8cab506f20408d57db41afbb4d59
SHA512

63149a433d474452062404d09865e9efd0be9dafb9866da7e1dd149880a711be540bd13b3c80e8d811a0ff0811c88122dbdaf3ac1885eaa99d88c430f1118b7a
SSDEEP

24576:SBkVdlYAW0YS6qo50Np1eydBHUKCdaWhvqJzGQHlk27D20jtS7IaqX4u3YTu:2svwpmNveAHUKCXhNQHlk27D2yS7U4/K

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Client-built..exe

Resource

win11-20240704-en

quasar office04 spyware trojan

windows11-21h2-x64

9 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

five-sequences.gl.at.ply.gg:47561

Mutex

52538090-621d-4a1c-a61f-f49482c94fb1

Attributes

encryption_key
7B4436DBF50D42B9F94267172ADD0B3430D55E7D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built..exe
- Size
  
  1.4MB
- MD5
  
  f5c2be73823ebb66785a83768e52e980
- SHA1
  
  41fe86f34561783ea286d9cb5cf5310d3996c6d8
- SHA256
  
  21a458f98a08c49906ddeb20fb058350419d8cab506f20408d57db41afbb4d59
- SHA512
  
  63149a433d474452062404d09865e9efd0be9dafb9866da7e1dd149880a711be540bd13b3c80e8d811a0ff0811c88122dbdaf3ac1885eaa99d88c430f1118b7a
- SSDEEP
  
  24576:SBkVdlYAW0YS6qo50Np1eydBHUKCdaWhvqJzGQHlk27D20jtS7IaqX4u3YTu:2svwpmNveAHUKCXhNQHlk27D2yS7U4/K
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy