quasar | 8ad32ff282a91fd4dcc732cab9c853db3c0085dec8bbabb5388553938fd42f60 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

344KB
Sample

221123-qv9tmsfa32
MD5

697898102d367f3a5fb7f790d199112e
SHA1

ee94d4ade21d267503869c47a3b61ff30bb6305d
SHA256

8ad32ff282a91fd4dcc732cab9c853db3c0085dec8bbabb5388553938fd42f60
SHA512

752fead6eff8116e5caf37d2c9af5f01bf756ec00e5bc98dabe72d552546e4537ef0d040c1f049e9707b536833abdd0b0f94ff4b4eb5cd2fa63cef22bb918b13
SSDEEP

6144:7zkVzIZzF1Pq2o2zlOlqZ+Tz3RNGfbQpNsYsoSA7fiCEq/ab:Dh1P22zlkTNsY/iy/ab

Score

10^/10

quasar officebox spyware trojan

Static task

static1

officebox quasar

2 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

quasar officebox spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

quasar officebox spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

OfficeBOX

C2

185.81.157.174:4554

Mutex

QSR_MUTEX_xSMql9r0AKSYarKyPE

Attributes

encryption_key
RQ0DJiJOKJWym1FwBiYm
install_name
Clientchrome.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ChromeClient Startup
subdirectory
SubDir

Targets

- Target
  
  tmp
- Size
  
  344KB
- MD5
  
  697898102d367f3a5fb7f790d199112e
- SHA1
  
  ee94d4ade21d267503869c47a3b61ff30bb6305d
- SHA256
  
  8ad32ff282a91fd4dcc732cab9c853db3c0085dec8bbabb5388553938fd42f60
- SHA512
  
  752fead6eff8116e5caf37d2c9af5f01bf756ec00e5bc98dabe72d552546e4537ef0d040c1f049e9707b536833abdd0b0f94ff4b4eb5cd2fa63cef22bb918b13
- SSDEEP
  
  6144:7zkVzIZzF1Pq2o2zlOlqZ+Tz3RNGfbQpNsYsoSA7fiCEq/ab:Dh1P22zlkTNsY/iy/ab
Score

10^/10

quasar officebox spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

officeboxquasar

behavioral1

quasarofficeboxspywaretrojan

behavioral2

quasarofficeboxspywaretrojan

© 2018-2024

Terms | Privacy