quasar | a323a9891c15a533b2356c710a9610dcd764931b2122404d1278952d6a2611e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

0fb77a7f91...df.exe

windows7-x64

0fb77a7f91...df.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0fb77a7f91ccadcee16b1f264b0a53df
Size

1.0MB
Sample

231230-fwdsgseeh7
MD5

0fb77a7f91ccadcee16b1f264b0a53df
SHA1

efadf32a52f1b6bfde9ab82bd4ac5cd1598d8a8f
SHA256

a323a9891c15a533b2356c710a9610dcd764931b2122404d1278952d6a2611e1
SHA512

e6a30817ab7031b0d2170d28d61c721d8d609e65485054e8e706740582454bf0cb54a2029781628d8a994165674d4652e2592cf9c4db4b78434de1d235be8373
SSDEEP

12288:kARNJ6j3LBFsSfNJwZH3Uw2oQb+9BXNwQlsljyFVRelCuXjV+apo+gO0aoUWqnDi:bLJ+FFsSFJg9LuuqnDonB1

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fb77a7f91ccadcee16b1f264b0a53df.exe

Resource

win7-20231215-en

quasar office04 spyware trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fb77a7f91ccadcee16b1f264b0a53df.exe

Resource

win10v2004-20231215-en

quasar office04 spyware trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

10.8.31.138:28394

Mutex

QSR_MUTEX_8o3qZGCFefA40MAkOh

Attributes

encryption_key
Gmm1w4utIxJXOFfCOJbk
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  0fb77a7f91ccadcee16b1f264b0a53df
- Size
  
  1.0MB
- MD5
  
  0fb77a7f91ccadcee16b1f264b0a53df
- SHA1
  
  efadf32a52f1b6bfde9ab82bd4ac5cd1598d8a8f
- SHA256
  
  a323a9891c15a533b2356c710a9610dcd764931b2122404d1278952d6a2611e1
- SHA512
  
  e6a30817ab7031b0d2170d28d61c721d8d609e65485054e8e706740582454bf0cb54a2029781628d8a994165674d4652e2592cf9c4db4b78434de1d235be8373
- SSDEEP
  
  12288:kARNJ6j3LBFsSfNJwZH3Uw2oQb+9BXNwQlsljyFVRelCuXjV+apo+gO0aoUWqnDi:bLJ+FFsSFJg9LuuqnDonB1
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy