quasar | 4dcc4adaa8c709d9db205c7267ec6da26930c0420aa54a77fed6217a9e6fdb98 | Triage

Submit
Reports

Overview

overview

Static

static

DOCUMENT.EXE

windows7_x64

DOCUMENT.EXE

windows10_x64

Resubmissions

17-06-2021 13:06

210617-e9xpw8561s 10

14-06-2021 16:02

210614-ntxhahdk2n 10

Sharing

General

Target

DOCUMENT.EXE
Size

1.1MB
Sample

210617-e9xpw8561s
MD5

53964b6a40bfe2b10d36ba5e3d52966a
SHA1

b459111cfb08fb42238e8421583cea226226e769
SHA256

4dcc4adaa8c709d9db205c7267ec6da26930c0420aa54a77fed6217a9e6fdb98
SHA512

03847f73a33a43bf84666db4a70167506d17b567f404098fd5237b704d30d1b35d7d50d2812a1f5c1b735bf13b915a448e3be9f8af9c3cc253f8ae6eacc3fea8

Score

10^/10

quasar office04 spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

DOCUMENT.EXE

Resource

win7v20210410

quasar office04 spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DOCUMENT.EXE

Resource

win10v20210410

quasar office04 spyware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

31.210.20.167:5959

Mutex

QSR_MUTEX_pigwsPWGHX1pUkN87z

Attributes

encryption_key
oPLMDVWSDoMfcmNgvJgd
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  DOCUMENT.EXE
- Size
  
  1.1MB
- MD5
  
  53964b6a40bfe2b10d36ba5e3d52966a
- SHA1
  
  b459111cfb08fb42238e8421583cea226226e769
- SHA256
  
  4dcc4adaa8c709d9db205c7267ec6da26930c0420aa54a77fed6217a9e6fdb98
- SHA512
  
  03847f73a33a43bf84666db4a70167506d17b567f404098fd5237b704d30d1b35d7d50d2812a1f5c1b735bf13b915a448e3be9f8af9c3cc253f8ae6eacc3fea8
Score

10^/10

quasar office04 spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy