quasar | de461824c1fa59cbf7d176ea8861fd8ccf940c0dd64e2ee778db4323c4b331fe | Triage

Submit
Reports

Overview

overview

Static

static

90c5baa103...ba.exe

windows7-x64

90c5baa103...ba.exe

windows10-2004-x64

Sharing

General

Target

a84e026ecca48ed97df640bb5b68e980.bin
Size

180KB
Sample

230528-b6m2padh24
MD5

dcbb9541d0bc014745efb844cbbd3da8
SHA1

ec2a0c94e8a31a30bf9a37880ccf33874f11c03d
SHA256

de461824c1fa59cbf7d176ea8861fd8ccf940c0dd64e2ee778db4323c4b331fe
SHA512

6228b0eff5bc3367bf4efb3ee0fdcde8f43408628eb4a26007555c44199d11bc81ba03f780b23f71648fcd28d454fb81bc14342213b6cd34620e70a74dca6b44
SSDEEP

3072:39lczVUeTIt/EYSUaIRHAjcywdxfeRyg6APrfVgKRQg0NuRfGCTl5Hy7W6:8VHUUkAneBgZpQwRfG4PyT

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba.exe

Resource

win7-20230220-en

quasar office04 spyware trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba.exe

Resource

win10v2004-20230220-en

quasar office04 spyware trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

cryptersandtools.ddns.com.br:5552

Mutex

QSR_MUTEX_PV7LCoiUmiwD1RBPCq

Attributes

encryption_key
Vw2ej5yeMh01Kv7liiDf
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba.exe
- Size
  
  348KB
- MD5
  
  a84e026ecca48ed97df640bb5b68e980
- SHA1
  
  c7a8291fa7b7fd6ed7c633e95b6c48d646acfc6d
- SHA256
  
  90c5baa1030eb91bb5f870eb75e48fe3187d41c938527695ae59bdc6fb6bd3ba
- SHA512
  
  57c92c32df21dfc9346446ee4146da01e2fd52101f5fab1f24364addbc8bb3846b9f2fecc7b5f2c8fee5301be8b0af833a9d6b43f5ae73d55201167be4ef61c0
- SSDEEP
  
  6144:P7qQ4i1FFiEKrmVxmg1TnE0DaGbdRly/9LxcGBFGbVzS:jpli8xx1Q9tLxdBERzS
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy