Triage | Malware sandboxing report by Hatching Triage

Resubmissions

23-07-2021 10:14

210723-tke37qc4wx 10

24-06-2021 13:06

210624-tmff1at666 10

Sharing

General

Target

439e49a4df2f4bcc359283d02f612e98
Size

527KB
Sample

210624-tmff1at666
MD5

439e49a4df2f4bcc359283d02f612e98
SHA1

bf6e8632bedeb80e72f664e2d4ca8b260a77115d
SHA256

a792be03af23fe52b708d22df6cadeb3374bb5500416a862eee57ea56db20fd5
SHA512

4d1fd328d45b67ce5a8acb91fe25cbc6e4b6bc252ef95e94cb43ae3264f83f77d0e66cff16fbe8b40a2ac063c8b95758dd6969001a1d56a7e4f96ca3a786c992

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

45.77.20.114:1604

Attributes

encryption_key
7E1D5BE8A11725FE11CAC5785F9684E24960D4AC
install_name
Media.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Media
subdirectory
SubDir

Targets

- Target
  
  439e49a4df2f4bcc359283d02f612e98
- Size
  
  527KB
- MD5
  
  439e49a4df2f4bcc359283d02f612e98
- SHA1
  
  bf6e8632bedeb80e72f664e2d4ca8b260a77115d
- SHA256
  
  a792be03af23fe52b708d22df6cadeb3374bb5500416a862eee57ea56db20fd5
- SHA512
  
  4d1fd328d45b67ce5a8acb91fe25cbc6e4b6bc252ef95e94cb43ae3264f83f77d0e66cff16fbe8b40a2ac063c8b95758dd6969001a1d56a7e4f96ca3a786c992
Score

10^/10

quasar office04 spyware trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan