quasar | 8cb80c88fea397c4b823bbe69891809fefb8fe98224a1552ac0cced93ed3437c | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

230530-rew4aaaa25
MD5

d5745aeed95df53334f3e3de9808b874
SHA1

88877da94ce9c4121d5f5eb3fa9edb9fdf3a80ce
SHA256

8cb80c88fea397c4b823bbe69891809fefb8fe98224a1552ac0cced93ed3437c
SHA512

fe9512143d7020dadb5968025e3198d11dcebe66a0407c79ba27dc09a7459247c7265988a102749bed44c6b79e4b797a28268cbe2da03a58e47d2b19224ad413
SSDEEP

49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEzTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20230220-en

quasar office04 spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20230220-en

quasar office04 spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

181.215.176.73:59955

Mutex

efc7c4e1-67b9-4193-a637-9063d2f6052c

Attributes

encryption_key
01A024E271E79DC5F555EC503C0E2AB6090246F2
install_name
repl.exe
log_directory
Logs
reconnect_delay
3000
startup_key
replstart
subdirectory
repl

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  d5745aeed95df53334f3e3de9808b874
- SHA1
  
  88877da94ce9c4121d5f5eb3fa9edb9fdf3a80ce
- SHA256
  
  8cb80c88fea397c4b823bbe69891809fefb8fe98224a1552ac0cced93ed3437c
- SHA512
  
  fe9512143d7020dadb5968025e3198d11dcebe66a0407c79ba27dc09a7459247c7265988a102749bed44c6b79e4b797a28268cbe2da03a58e47d2b19224ad413
- SSDEEP
  
  49152:0v/t62XlaSFNWPjljiFa2RoUYI+ZyP+vEzTHHB72eh2NT:0vV62XlaSFNWPjljiFXRoUYI+Zi
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy