quasar | d69de6f4205696769caffe6bc3b75fd2da005041dcd88c110da9937a159233b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

9d737c768d...88.exe

windows7-x64

9d737c768d...88.exe

windows10-2004-x64

Sharing

General

Target

f4a3d9404ad522ec1b9bd8feb8dca3b5.bin
Size

459KB
Sample

231024-c9k7yabh95
MD5

24f5be8735121e539e777b0e7fc5fe61
SHA1

3158fa8e66b160a92d4e1014d285b72f48a97f7a
SHA256

d69de6f4205696769caffe6bc3b75fd2da005041dcd88c110da9937a159233b6
SHA512

d842ab02af7e65c0d42da45b9c8f361003bd6827c8b058c52fd0067267b6769cf2428df316948f322d6b5eaf5d6b9556ef7130edf6f020158ce79f09c971b973
SSDEEP

12288:QA11XdtaPye8DJnQDYsLC1cYHfwJhqjwSWabpN/NE:QadkyJDFQDYH+EwLkp5NE

Score

10^/10

quasar office spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88.exe

Resource

win7-20231020-en

quasar office spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88.exe

Resource

win10v2004-20231023-en

quasar office spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

37.1.207.27:222

Mutex

7xg1muSKali1I2y5IZ

Attributes

encryption_key
KWyZntdiPrrGnzylskuR
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88.exe
- Size
  
  502KB
- MD5
  
  f4a3d9404ad522ec1b9bd8feb8dca3b5
- SHA1
  
  33201170d62419689b5685b22325512c27ca16ab
- SHA256
  
  9d737c768d419aed55de299a114fb8b4928d263320caa4b35c08f4c0bb3fcb88
- SHA512
  
  c593bab9c02e4a5a78d420710e422e8b562e2d2e040c745a75aac4a44695ec8d8e83ef999abd17fdd0db0e668a390d93f9d121446fb2f702d982e0bc8e04beea
- SSDEEP
  
  6144:8zAOLe5C9/l3Iv3hlwJYrCp5+kP/af/9jwlYj4ixSP7PtcaZuSrg6n2i3UMyoQTk:8zxICbojRxEceusRn1EvQY
Score

10^/10

quasar office spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasarofficespywaretrojan

behavioral2

quasarofficespywaretrojan

© 2018-2024

Terms | Privacy