quasar | 08d8a25cd656729189ca892bedf7938bed5d77d1b87df0f148d8a1e2bfd97b8e | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

230807-m6ynzaeh89
MD5

5c1a32689b011a239f97ed3bd910cecf
SHA1

a6b75db86fe60710263a9ea0f475a1f6e4c9ba9c
SHA256

08d8a25cd656729189ca892bedf7938bed5d77d1b87df0f148d8a1e2bfd97b8e
SHA512

71dbc1510e4de76cdd0e04d211f081e5163d35f3e10ab30f9e2aadd1bd0526b9d04d4e016687847c5825b68aa3406fa0e490bdfb19a6fb43372f2073ac1ce287
SSDEEP

49152:rvbI22SsaNYfdPBldt698dBcjH5g1wMBx04oGdwwTHHB72eh2NT:rvk22SsaNYfdPBldt6+dBcjHswYg

Score

10^/10

quasar office04 spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

2.tcp.ngrok.io:19647

Mutex

eff7fb15-f1b6-49a7-a5e8-41f76e365ecc

Attributes

encryption_key
1B550D191B71501C5CFCFD4E2C6AD3AB301AD330
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  5c1a32689b011a239f97ed3bd910cecf
- SHA1
  
  a6b75db86fe60710263a9ea0f475a1f6e4c9ba9c
- SHA256
  
  08d8a25cd656729189ca892bedf7938bed5d77d1b87df0f148d8a1e2bfd97b8e
- SHA512
  
  71dbc1510e4de76cdd0e04d211f081e5163d35f3e10ab30f9e2aadd1bd0526b9d04d4e016687847c5825b68aa3406fa0e490bdfb19a6fb43372f2073ac1ce287
- SSDEEP
  
  49152:rvbI22SsaNYfdPBldt698dBcjH5g1wMBx04oGdwwTHHB72eh2NT:rvk22SsaNYfdPBldt6+dBcjHswYg
Score

10^/10

quasar office04 spyware stealer trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywarestealertrojan