Extracted

• • Target

    5b1365bd1c3648fdfe1aa9699e1647b3967bf3824c0b03eb4e67ef4599840135.exe

  • Size

    4.4MB

  • MD5

    e862112b0a3781dcf75eaf11b8b6ea7d

  • SHA1

    725b9a18c2c6cdd616ad10d6f9e977753c7eb0e4

  • SHA256

    5b1365bd1c3648fdfe1aa9699e1647b3967bf3824c0b03eb4e67ef4599840135

  • SHA512

    6a5ebf286858e2a814fedf81fae111bd4468eaafe19ecc2a7eadf2d441b9584bab4ee4a3c5f83415d5cc31bbe11f7888e6dbe2a0a8a006affaefe463de3f535f

  • SSDEEP

    98304:+4uKDZOjVXFcG7BEcyZeW+gP/i6jepIA90sK6LovYr5K49ZQ:+4uKDeFT7BEcyZpDP/RERXKsog5BHQ

  Score

  10^/10

  quasaroffice04persistencespywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2