quasar | 332a9d220e346c1d0ed92192147ff8cf234e42b9e422c9023d33686034b2676e | Triage

Submit
Reports

Overview

overview

Static

static

3

slowpihax-cracked.exe

windows11-21h2-x64

Sharing

General

Target

slowpihax-cracked.exe
Size

41.2MB
Sample

240705-saya8azhjq
MD5

e1aacaff10385b4147cf0c78b9e6cf3e
SHA1

fd1f946cbb067e4af14e7795eacb3b23e79d73b4
SHA256

332a9d220e346c1d0ed92192147ff8cf234e42b9e422c9023d33686034b2676e
SHA512

ca6eb54b5e5c20ef5c99998486ebc8dadc549eca0f82416ed1377b3f2106db2255979e223571f1c77c7fcf1e4dfdf5bc3a5ed01e852ec5c3708503800ffd4799
SSDEEP

786432:m40HRuticyhpmVdVzGXTOV7I/P8vHBoqp4ZFQiq856KuE+9xHQXnMtq6gNqPiJx9:X0o0hIGXTOW2Wqp4ZFQlrH4eTP2

Score

10^/10

quasar office04 execution pyinstaller spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

slowpihax-cracked.exe

Resource

win11-20240704-en

quasar office04 execution pyinstaller spyware trojan

windows11-21h2-x64

12 signatures

60 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.7:4782

Mutex

fbd75815-2656-4e50-bfe0-7da7eafe0a05

Attributes

encryption_key
6BD3C203B48FE6DD196781EC4A2D071085C47FBA
install_name
system32.exe
log_directory
Logs
reconnect_delay
3000
startup_key
system32
subdirectory
subdir

Targets

- Target
  
  slowpihax-cracked.exe
- Size
  
  41.2MB
- MD5
  
  e1aacaff10385b4147cf0c78b9e6cf3e
- SHA1
  
  fd1f946cbb067e4af14e7795eacb3b23e79d73b4
- SHA256
  
  332a9d220e346c1d0ed92192147ff8cf234e42b9e422c9023d33686034b2676e
- SHA512
  
  ca6eb54b5e5c20ef5c99998486ebc8dadc549eca0f82416ed1377b3f2106db2255979e223571f1c77c7fcf1e4dfdf5bc3a5ed01e852ec5c3708503800ffd4799
- SSDEEP
  
  786432:m40HRuticyhpmVdVzGXTOV7I/P8vHBoqp4ZFQiq856KuE+9xHQXnMtq6gNqPiJx9:X0o0hIGXTOW2Wqp4ZFQlrH4eTP2
Score

10^/10

quasar office04 execution pyinstaller spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04executionpyinstallerspywaretrojan

© 2018-2024

Terms | Privacy