quasar | 2cb1adb73eda0d1c2dc62f7bc312add25cfcc04017d3998e11513c4d02b1150e | Triage

Submit
Reports

Overview

overview

Static

static

f54598770f...ac.exe

windows7-x64

f54598770f...ac.exe

windows10-2004-x64

Sharing

General

Target

f54598770f770d815c9707dd33518eac.exe
Size

3.1MB
Sample

240320-k5k1daea8w
MD5

f54598770f770d815c9707dd33518eac
SHA1

6acf4aaf1d74710ef92c0b99a4b263202fbefcb7
SHA256

2cb1adb73eda0d1c2dc62f7bc312add25cfcc04017d3998e11513c4d02b1150e
SHA512

dc927e84c41121e43f281af15ede1dcce368f1f94e88b56c893a1dfda8aa412547fe5f77d46fcc6a9fc8842b860edf4b3a3c059919b460d0f8611035d9e42d36
SSDEEP

49152:SvyI22SsaNYfdPBldt698dBcjHutbXPEhNvJJaoGdwjTHHB72eh2NT:Svf22SsaNYfdPBldt6+dBcjHZhg

Score

10^/10

quasar office01 spyware trojan

Static task

static1

office01 quasar

3 signatures

Behavioral task

behavioral1

Sample

f54598770f770d815c9707dd33518eac.exe

Resource

win7-20240221-en

quasar office01 spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f54598770f770d815c9707dd33518eac.exe

Resource

win10v2004-20240226-en

quasar office01 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office01

C2

www.exiles.site:14782

Mutex

a0f587a6-d40f-499d-8e9e-b0831e1cb678

Attributes

encryption_key
49BF5A48970D914C7E70F494A8E16B5EFA3AB6A0
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  f54598770f770d815c9707dd33518eac.exe
- Size
  
  3.1MB
- MD5
  
  f54598770f770d815c9707dd33518eac
- SHA1
  
  6acf4aaf1d74710ef92c0b99a4b263202fbefcb7
- SHA256
  
  2cb1adb73eda0d1c2dc62f7bc312add25cfcc04017d3998e11513c4d02b1150e
- SHA512
  
  dc927e84c41121e43f281af15ede1dcce368f1f94e88b56c893a1dfda8aa412547fe5f77d46fcc6a9fc8842b860edf4b3a3c059919b460d0f8611035d9e42d36
- SSDEEP
  
  49152:SvyI22SsaNYfdPBldt698dBcjHutbXPEhNvJJaoGdwjTHHB72eh2NT:Svf22SsaNYfdPBldt6+dBcjHZhg
Score

10^/10

quasar office01 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice01spywaretrojan

behavioral2

quasaroffice01spywaretrojan

© 2018-2024

Terms | Privacy