quasar | 14df5d1e4b0be12a769c1c8ba950c4c2a192cc4f145dbe9decec59bf2706788b | Triage

Sharing

General

Target

2
Size

2.7MB
Sample

230321-rvwsfsah95
MD5

654a5edfc6d36d1d475c50a8c852f2fc
SHA1

48c4da32b00cfcaed25486b9494ec515a1773b40
SHA256

14df5d1e4b0be12a769c1c8ba950c4c2a192cc4f145dbe9decec59bf2706788b
SHA512

9ade8e74584193ddc1f853201b87fb86ba160bf3cc197d17e51109d3b6b46ba1ea658b0a161b2fc321fa12b6ff5466747cc2c0ec71f9fabdacbb356f510752ab
SSDEEP

49152:c0xDDQQGj33SmdY5sKfLeG2QRaLaOUaO1kcQu79tlTXCyza32ehyfTAm:c0RQQGj33SGmsKfLeG2QRaGOUaO1kcQ6

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

161.97.148.204:1604

Mutex

dabdfe29-55de-460b-9c36-9570f2b03a88

Attributes

encryption_key
4795EB97A05AE5F4E669D4B7FFF6608D94FC9027
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2
- Size
  
  2.7MB
- MD5
  
  654a5edfc6d36d1d475c50a8c852f2fc
- SHA1
  
  48c4da32b00cfcaed25486b9494ec515a1773b40
- SHA256
  
  14df5d1e4b0be12a769c1c8ba950c4c2a192cc4f145dbe9decec59bf2706788b
- SHA512
  
  9ade8e74584193ddc1f853201b87fb86ba160bf3cc197d17e51109d3b6b46ba1ea658b0a161b2fc321fa12b6ff5466747cc2c0ec71f9fabdacbb356f510752ab
- SSDEEP
  
  49152:c0xDDQQGj33SmdY5sKfLeG2QRaLaOUaO1kcQu79tlTXCyza32ehyfTAm:c0RQQGj33SGmsKfLeG2QRaGOUaO1kcQ6
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan