quasar | 09c580ea4063cb2f16bce177151628d3e9c04a87ba2c0bcb7e6d1d588b8563ed | Triage

Sharing

General

Target

09C580EA4063CB2F16BCE177151628D3E9C04A87BA2C0.exe
Size

6.6MB
Sample

230206-wpqrgafb93
MD5

81e1869c9f3495afba6c21bf71a10292
SHA1

b5c056e5cc14b88d5115a47a86b8df43c6b6eed1
SHA256

09c580ea4063cb2f16bce177151628d3e9c04a87ba2c0bcb7e6d1d588b8563ed
SHA512

8717f6db2c25eef0daba503270787e6590a4aaf3b6cfd622f1da2907a212e42e12394731d8a6b0486024c2e71677574011d25340870786f0551acee92402fe24
SSDEEP

196608:XqMIY4MLN9onJ5hrZEK3e9tGPqK6wTbPfFwc5CVsf5:gup9c5hlEK/PN6w3XCVm

Score

10^/10

quasar office04 pyinstaller spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

91.209.226.129:4477

Mutex

aab8fb23-9414-4086-92a8-8f9df7355991

Attributes

encryption_key
115C3BBD6300A13A8593E1EA090433CDAA8539CA
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  09C580EA4063CB2F16BCE177151628D3E9C04A87BA2C0.exe
- Size
  
  6.6MB
- MD5
  
  81e1869c9f3495afba6c21bf71a10292
- SHA1
  
  b5c056e5cc14b88d5115a47a86b8df43c6b6eed1
- SHA256
  
  09c580ea4063cb2f16bce177151628d3e9c04a87ba2c0bcb7e6d1d588b8563ed
- SHA512
  
  8717f6db2c25eef0daba503270787e6590a4aaf3b6cfd622f1da2907a212e42e12394731d8a6b0486024c2e71677574011d25340870786f0551acee92402fe24
- SSDEEP
  
  196608:XqMIY4MLN9onJ5hrZEK3e9tGPqK6wTbPfFwc5CVsf5:gup9c5hlEK/PN6w3XCVm
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2