quasar | 9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.9d737...JC.exe

windows7-x64

NEAS.9d737...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe
Size

502KB
Sample

231023-v9xvvabg2v
MD5

f4a3d9404ad522ec1b9bd8feb8dca3b5
SHA1

33201170d62419689b5685b22325512c27ca16ab
SHA256

9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88
SHA512

c593bab9c02e4a5a78d420710e422e8b562e2d2e040c745a75aac4a44695ec8d8e83ef999abd17fdd0db0e668a390d93f9d121446fb2f702d982e0bc8e04beea
SSDEEP

6144:8zAOLe5C9/l3Iv3hlwJYrCp5+kP/af/9jwlYj4ixSP7PtcaZuSrg6n2i3UMyoQTk:8zxICbojRxEceusRn1EvQY

Score

10^/10

quasar office spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe

Resource

win7-20231020-en

quasar office spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe

Resource

win10v2004-20231023-en

quasar office spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

37.1.207.27:222

Mutex

7xg1muSKali1I2y5IZ

Attributes

encryption_key
KWyZntdiPrrGnzylskuR
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  NEAS.9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88exe_JC.exe
- Size
  
  502KB
- MD5
  
  f4a3d9404ad522ec1b9bd8feb8dca3b5
- SHA1
  
  33201170d62419689b5685b22325512c27ca16ab
- SHA256
  
  9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88
- SHA512
  
  c593bab9c02e4a5a78d420710e422e8b562e2d2e040c745a75aac4a44695ec8d8e83ef999abd17fdd0db0e668a390d93f9d121446fb2f702d982e0bc8e04beea
- SSDEEP
  
  6144:8zAOLe5C9/l3Iv3hlwJYrCp5+kP/af/9jwlYj4ixSP7PtcaZuSrg6n2i3UMyoQTk:8zxICbojRxEceusRn1EvQY
Score

10^/10

quasar office spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarofficespywaretrojan

behavioral2

quasarofficespywaretrojan

© 2018-2024

Terms | Privacy