quasar | aac3318a190c7dc53512c3b492cd1cd6849b5095fb1f112ba296f9c079194340 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client-built.exe
Size

3.1MB
Sample

231212-v81v4shcbq
MD5

34b6298d9defd63572face0b98890878
SHA1

805169e5782b01b2681eb43de1900063fe06e590
SHA256

aac3318a190c7dc53512c3b492cd1cd6849b5095fb1f112ba296f9c079194340
SHA512

4aeed4a6c14f1ecc739eb70512f435f1c4ee9c9e1de936c6e6817e9c5281aec486c35eb71ad70d68b03a4c8e813706395c80250c5e4880e9dacba15065a9dd79
SSDEEP

49152:uvbI22SsaNYfdPBldt698dBcjHUQxNESEpk/iKLoGdfTHHB72eh2NT:uvk22SsaNYfdPBldt6+dBcjH/xg0

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

91.92.242.148:4782

Mutex

19d192fd-6b6a-462a-816d-c6a2102fb462

Attributes

encryption_key
5E1B833088E17261392F4E2B5745DF67141AEEA1
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  34b6298d9defd63572face0b98890878
- SHA1
  
  805169e5782b01b2681eb43de1900063fe06e590
- SHA256
  
  aac3318a190c7dc53512c3b492cd1cd6849b5095fb1f112ba296f9c079194340
- SHA512
  
  4aeed4a6c14f1ecc739eb70512f435f1c4ee9c9e1de936c6e6817e9c5281aec486c35eb71ad70d68b03a4c8e813706395c80250c5e4880e9dacba15065a9dd79
- SSDEEP
  
  49152:uvbI22SsaNYfdPBldt698dBcjHUQxNESEpk/iKLoGdfTHHB72eh2NT:uvk22SsaNYfdPBldt6+dBcjH/xg0
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan