quasar | 7443d9f59ad175d9404fe336f94676c36124c5b0bf863e2d22f81a9a5f8d0018 | Triage

Submit
Reports

Overview

overview

Static

static

2.0 clok me.exe

windows10-2004-x64

Sharing

General

Target

2.0 clok me.exe
Size

3.1MB
Sample

240706-gf6c8szdqg
MD5

6dcecd42ade14d495f34e3743eec421e
SHA1

0e5400b1b52e828d7025d716c9d02e9cf3eb1c26
SHA256

7443d9f59ad175d9404fe336f94676c36124c5b0bf863e2d22f81a9a5f8d0018
SHA512

ab7d74fd08f851a891a478ff0d6f1efdea432692c87b6118d01a63ca70aefd0a17288c9a5fc273648eb2b6a320ce696f69b999014c027309998ed7ba2d2f630a
SSDEEP

49152:nv+lL26AaNeWgPhlmVqvMQ7XSKeMRJ60bR3LoGdxTHHB72eh2NT:nvuL26AaNeWgPhlmVqkQ7XSKeMRJ6+

Score

10^/10

quasar office04 persistence spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

2.0 clok me.exe

Resource

win10v2004-20240704-en

quasar office04 persistence spyware trojan

windows10-2004-x64

11 signatures

600 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

tcp://TGH-40257.portmap.host:40257:4782

Mutex

e7d4fb50-d79c-4bd3-8707-360abef4571e

Attributes

encryption_key
6AFABF4F74C0812398C367F811C78D8A6479DC97
install_name
shaderpacks.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ServiceHost:Windows Accessory
subdirectory
SubDir

Targets

- Target
  
  2.0 clok me.exe
- Size
  
  3.1MB
- MD5
  
  6dcecd42ade14d495f34e3743eec421e
- SHA1
  
  0e5400b1b52e828d7025d716c9d02e9cf3eb1c26
- SHA256
  
  7443d9f59ad175d9404fe336f94676c36124c5b0bf863e2d22f81a9a5f8d0018
- SHA512
  
  ab7d74fd08f851a891a478ff0d6f1efdea432692c87b6118d01a63ca70aefd0a17288c9a5fc273648eb2b6a320ce696f69b999014c027309998ed7ba2d2f630a
- SSDEEP
  
  49152:nv+lL26AaNeWgPhlmVqvMQ7XSKeMRJ60bR3LoGdxTHHB72eh2NT:nvuL26AaNeWgPhlmVqkQ7XSKeMRJ6+
Score

10^/10

quasar office04 persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04persistencespywaretrojan

© 2018-2024

Terms | Privacy