quasar | a792be03af23fe52b708d22df6cadeb3374bb5500416a862eee57ea56db20fd5 | Triage

Resubmissions

23-07-2021 10:14

210723-tke37qc4wx 10

24-06-2021 13:06

210624-tmff1at666 10

Sharing

General

Target

439e49a4df2f4bcc359283d02f612e98
Size

527KB
Sample

210624-tmff1at666
MD5

439e49a4df2f4bcc359283d02f612e98
SHA1

bf6e8632bedeb80e72f664e2d4ca8b260a77115d
SHA256

a792be03af23fe52b708d22df6cadeb3374bb5500416a862eee57ea56db20fd5
SHA512

4d1fd328d45b67ce5a8acb91fe25cbc6e4b6bc252ef95e94cb43ae3264f83f77d0e66cff16fbe8b40a2ac063c8b95758dd6969001a1d56a7e4f96ca3a786c992

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

45.77.20.114:1604

Mutex

39083318-6c39-4d8c-beda-fd48beb29cc9

Attributes

encryption_key
7E1D5BE8A11725FE11CAC5785F9684E24960D4AC
install_name
Media.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Media
subdirectory
SubDir

Targets

- Target
  
  439e49a4df2f4bcc359283d02f612e98
- Size
  
  527KB
- MD5
  
  439e49a4df2f4bcc359283d02f612e98
- SHA1
  
  bf6e8632bedeb80e72f664e2d4ca8b260a77115d
- SHA256
  
  a792be03af23fe52b708d22df6cadeb3374bb5500416a862eee57ea56db20fd5
- SHA512
  
  4d1fd328d45b67ce5a8acb91fe25cbc6e4b6bc252ef95e94cb43ae3264f83f77d0e66cff16fbe8b40a2ac063c8b95758dd6969001a1d56a7e4f96ca3a786c992
Score

10^/10

quasar office04 spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan