General

  • Target

    tmp

  • Size

    13KB

  • Sample

    230603-l5jb8agd82

  • MD5

    391ba2756ec6942039c4ee86298ae17e

  • SHA1

    273c86c5fe62e8bae1edc91c0e48acad8c69ffe5

  • SHA256

    ba5a2409b8547d35233577a04c9a7dda6a40c29d7ced93361343815648a8cd4d

  • SHA512

    9e9a4820cb9efc6506978d952bb38658bec6523842bf3470ceb1a3964b612fe181c9e13ae2a69f81b297225144ed76d5923aa5f57d3e130996fc09ab51bffe5d

  • SSDEEP

    384:NrDBok9LvwWprNw9HzAHYPdnlAc4qfnPN:hBoYMz1Ac48P

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    Office04

  • C2

    cryptersandtools.ddns.com.br:5552

  • Mutex

    QSR_MUTEX_PV7LCoiUmiwD1RBPCq

Attributes

  • encryption_key

    2yfSzdUNgSe9EVCk7VEH

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload

  • Suspicious use of SetThreadContext
