quasar | 4041ad409dcfd7b2ae14b4b7ac5928debb38e2e02dcb7837e1ebacf0a1ed3773 | Triage

Submit
Reports

Overview

overview

Static

static

explorer.exe

windows7-x64

explorer.exe

windows10-2004-x64

Sharing

General

Target

explorer.exe
Size

3.1MB
Sample

230609-v9jcfsdf7v
MD5

b4d796b1d427b448f9406aee07959eff
SHA1

9b731c6304518c686ef1a0675c77f74163aad60c
SHA256

4041ad409dcfd7b2ae14b4b7ac5928debb38e2e02dcb7837e1ebacf0a1ed3773
SHA512

43da91f6814eb66784954af83463c1b663689a37dfc76015cf566fef50b896b0273ed3e72d4580382720cb7f5f26bd2e25d0c0accd6b3526b15082cea83d7454
SSDEEP

49152:Dvkt62XlaSFNWPjljiFa2RoUYIHORJ6xbR3LoGdxTHHB72eh2NT:Dv462XlaSFNWPjljiFXRoUYIHORJ6T

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

explorer.exe

Resource

win7-20230220-en

quasar office04 spyware trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

explorer.exe

Resource

win10v2004-20230220-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

ratcentho.ddns.net:1604

Mutex

a48091b5-8649-4186-b51d-37847b346bbb

Attributes

encryption_key
E111C166FC0FC5E69CF243BDE5027B1BBD76712A
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
csrss
subdirectory
SubDir

Targets

- Target
  
  explorer.exe
- Size
  
  3.1MB
- MD5
  
  b4d796b1d427b448f9406aee07959eff
- SHA1
  
  9b731c6304518c686ef1a0675c77f74163aad60c
- SHA256
  
  4041ad409dcfd7b2ae14b4b7ac5928debb38e2e02dcb7837e1ebacf0a1ed3773
- SHA512
  
  43da91f6814eb66784954af83463c1b663689a37dfc76015cf566fef50b896b0273ed3e72d4580382720cb7f5f26bd2e25d0c0accd6b3526b15082cea83d7454
- SSDEEP
  
  49152:Dvkt62XlaSFNWPjljiFa2RoUYIHORJ6xbR3LoGdxTHHB72eh2NT:Dv462XlaSFNWPjljiFXRoUYIHORJ6T
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy