quasar | e3c05e377bb3d08792a47d2d04488df5048549e96939a7207c5ef14015d2c329 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

quasar.exe

windows10-2004-x64

Sharing

General

Target

quasar.exe
Size

3.1MB
Sample

230705-s6dlpadf73
MD5

8b0270a1fe2e8b6d98bd29ce11d18f9c
SHA1

a64f7a329f2e741d6ce6a3dd3a66023e4885f8c7
SHA256

e3c05e377bb3d08792a47d2d04488df5048549e96939a7207c5ef14015d2c329
SHA512

52e7f3ace9b489729fa8a0434dd362f88e5af8ec34c36b8f40f05fa8fcbc8316ec1e578d8cc6ea2ae9a1e7c7b06ace205f354562988b4428f34066f17589d168
SSDEEP

49152:Xv9z92YpaQI6oPZlhP3ReybewoMdRJ6XbR3LoGdasTHHB72eh2NT:XvV92YpaQI6oPZlhP3YybewoMdRJ6pK

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

quasar.exe

Resource

win10v2004-20230703-it

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.56.1:4782

93.35.198.71:4782

7.tcp.eu.ngrok.io:14313:25565

Mutex

63eac64e-75b2-49ce-8a2e-3d1114815132

Attributes

encryption_key
4C728E4D527117B7094ADC3922AFF7A3BF47EF70
install_name
WinSysUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
WinSysAnalisis

Targets

- Target
  
  quasar.exe
- Size
  
  3.1MB
- MD5
  
  8b0270a1fe2e8b6d98bd29ce11d18f9c
- SHA1
  
  a64f7a329f2e741d6ce6a3dd3a66023e4885f8c7
- SHA256
  
  e3c05e377bb3d08792a47d2d04488df5048549e96939a7207c5ef14015d2c329
- SHA512
  
  52e7f3ace9b489729fa8a0434dd362f88e5af8ec34c36b8f40f05fa8fcbc8316ec1e578d8cc6ea2ae9a1e7c7b06ace205f354562988b4428f34066f17589d168
- SSDEEP
  
  49152:Xv9z92YpaQI6oPZlhP3ReybewoMdRJ6XbR3LoGdasTHHB72eh2NT:XvV92YpaQI6oPZlhP3YybewoMdRJ6pK
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy