quasar | 17473731182bcea4cee088d78f802ea947926a5cbc8708b4ba31d7585ee8b19f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3630b92ac5...02.exe

windows7-x64

3630b92ac5...02.exe

windows10-2004-x64

Sharing

General

Target

3630b92ac5ed33de5eb53b563913bb02.bin
Size

502KB
Sample

230331-blws4agb28
MD5

3630b92ac5ed33de5eb53b563913bb02
SHA1

34828f9a66c2c9c0f0cf93419dc96a62bfea476b
SHA256

17473731182bcea4cee088d78f802ea947926a5cbc8708b4ba31d7585ee8b19f
SHA512

034d8e4509816f18f2f75996914d9ef179985a5d53e002b982e208030d2b60413faec917ad6ac1e02f609261d57bb88221c7840271ab64f3cc0b54e3c2b5501b
SSDEEP

12288:dTEgdfYjbg+qBTaa4EywIGpYR1MIwcdD:+UwzgXywIGpYR6IwcdD

Score

10^/10

quasar office05 spyware trojan

Static task

static1

office05 quasar

2 signatures

Behavioral task

behavioral1

Sample

3630b92ac5ed33de5eb53b563913bb02.exe

Resource

win7-20230220-en

quasar office05 spyware trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

3630b92ac5ed33de5eb53b563913bb02.exe

Resource

win10v2004-20230221-en

quasar office05 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office05

C2

needforrat.hopto.org:7771

Mutex

d70dba78-082d-4d62-9d71-b4a1c6961022

Attributes

encryption_key
110272D9471BA005C613D451E07D98ABB8403AED
install_name
Client1.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
SubDir

Targets

- Target
  
  3630b92ac5ed33de5eb53b563913bb02.bin
- Size
  
  502KB
- MD5
  
  3630b92ac5ed33de5eb53b563913bb02
- SHA1
  
  34828f9a66c2c9c0f0cf93419dc96a62bfea476b
- SHA256
  
  17473731182bcea4cee088d78f802ea947926a5cbc8708b4ba31d7585ee8b19f
- SHA512
  
  034d8e4509816f18f2f75996914d9ef179985a5d53e002b982e208030d2b60413faec917ad6ac1e02f609261d57bb88221c7840271ab64f3cc0b54e3c2b5501b
- SSDEEP
  
  12288:dTEgdfYjbg+qBTaa4EywIGpYR1MIwcdD:+UwzgXywIGpYR6IwcdD
Score

10^/10

quasar office05 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice05spywaretrojan

behavioral2

quasaroffice05spywaretrojan

© 2018-2025

Terms | Privacy