quasar | 7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7697ebe5ea...40.exe

windows7-x64

7697ebe5ea...40.exe

windows10-2004-x64

Sharing

General

Target

7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40
Size

502KB
Sample

221122-jc9btseb32
MD5

16db55265ceb495867c35c68a1b672ab
SHA1

1b18cb285e91c3f9c78f4f3a18a8baf5df6b6fc4
SHA256

7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40
SHA512

bc4dde6ef69c606753d05fd303b0385d5dec303ce2b399de37e29dd2c085c53e47309381f34b503f87d27a66420c1c21ba8c98c81490c3614f679b8bfc034a6d
SSDEEP

6144:MTEgdc0Y5ebGbXOsA6j1RdhQA3CpXJ9J6jFivvvcE6Ob8F9ogRXOc0UblHcTR36:MTEgdfYhA6bGqKKpNeYlHcd6

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

2 signatures

Behavioral task

behavioral1

Sample

7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40.exe

Resource

win7-20221111-en

quasar office04 spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40.exe

Resource

win10v2004-20220901-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

eggsbenedict.onthewifi.com:2448

Mutex

047fff9d-5ae7-4a17-a172-45ccd40ba62f

Attributes

encryption_key
28D26D97888ABDC848F4C65C4EE630CCEF1C1B67
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40
- Size
  
  502KB
- MD5
  
  16db55265ceb495867c35c68a1b672ab
- SHA1
  
  1b18cb285e91c3f9c78f4f3a18a8baf5df6b6fc4
- SHA256
  
  7697ebe5ea4766b1653f58aa24327679b35fa917877568238ac306a913289b40
- SHA512
  
  bc4dde6ef69c606753d05fd303b0385d5dec303ce2b399de37e29dd2c085c53e47309381f34b503f87d27a66420c1c21ba8c98c81490c3614f679b8bfc034a6d
- SSDEEP
  
  6144:MTEgdc0Y5ebGbXOsA6j1RdhQA3CpXJ9J6jFivvvcE6Ob8F9ogRXOc0UblHcTR36:MTEgdfYhA6bGqKKpNeYlHcd6
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy