quasar | f5e8453578160fc03ec2ea6d84a3519493b7f100a66874ded121f09814a28ff7 | Triage

Submit
Reports

Overview

overview

Static

static

3

Mainotp.exe

windows10-2004-x64

Mainotp.pyc

windows10-2004-x64

3

Sharing

General

Target

Mainotp.exe
Size

22.7MB
Sample

230902-x94z9sfc5w
MD5

e95267d5fb2249f91de771731f2e3267
SHA1

fd4b64cc3f886651bbdcbd312c644ada4d9b353c
SHA256

f5e8453578160fc03ec2ea6d84a3519493b7f100a66874ded121f09814a28ff7
SHA512

fb8895a7936ab73638ba87815a0c006b008b9d4764ff9ec78631899b530d09673d022d582a7006697068c9c8a375ab5d9cc573f5a6faa77369813680a5d65efd
SSDEEP

393216:c72E+CAnbbEcsOrXFV14+JB6jQWHd59otoElvpPkke+iWPLbM6C6oNGvlP5450o:u+CM/7TFV148+9P+yEFZ23KLbM6koe7

Score

10^/10

quasar office04 spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Mainotp.exe

Resource

win10v2004-20230831-en

quasar office04 spyware trojan upx

windows10-2004-x64

15 signatures

60 seconds

Behavioral task

behavioral2

Sample

Mainotp.pyc

Resource

win10v2004-20230831-en

windows10-2004-x64

3 signatures

60 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office04

C2

185.238.3.205:6669

Mutex

FZ9tFtIMY3x5Jj5ovh

Attributes

encryption_key
1HbcTxYxyoztsN63DXRU
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Mainotp.exe
- Size
  
  22.7MB
- MD5
  
  e95267d5fb2249f91de771731f2e3267
- SHA1
  
  fd4b64cc3f886651bbdcbd312c644ada4d9b353c
- SHA256
  
  f5e8453578160fc03ec2ea6d84a3519493b7f100a66874ded121f09814a28ff7
- SHA512
  
  fb8895a7936ab73638ba87815a0c006b008b9d4764ff9ec78631899b530d09673d022d582a7006697068c9c8a375ab5d9cc573f5a6faa77369813680a5d65efd
- SSDEEP
  
  393216:c72E+CAnbbEcsOrXFV14+JB6jQWHd59otoElvpPkke+iWPLbM6C6oNGvlP5450o:u+CM/7TFV148+9P+yEFZ23KLbM6koe7
Score

10^/10

quasar office04 spyware trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Blocklisted process makes network request
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  Mainotp.pyc
- Size
  
  298KB
- MD5
  
  feea5588f68f7112db03c83c5f0ead8d
- SHA1
  
  9e6bcd695f856cb711ac877ee02ec711c8a7782a
- SHA256
  
  d4f8c61f0c7c214fdd8213d79163f25fc9cdb03978038f3631f767ca45bc5add
- SHA512
  
  bf90bbf6dc90df998004e26edbb849d8c5a33633e96e54e9bda21582ef802a01ead652e563d61107b341701b269e5172750ba57c81664a54779ae525d57941e9
- SSDEEP
  
  6144:iaxVppz2ezJInTqmy/nL1q8FQxFTaJL+CvHbne:iaDppzDH/nL1bq4t+6re
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojanupx

behavioral2

© 2018-2025

Terms | Privacy