General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    240423-3medzsch3y

  • MD5

    3bced6ac1c801a8e7cc5ceda7d5c35c8

  • SHA1

    723c904a457d8ec456abf529f22b66e52750de99

  • SHA256

    95c14dce137abdab31b303d3cacf6dcd6921965770b98efecd2764a8dd01987e

  • SHA512

    f6a4c02823ad51b9b02af3088d79d8ff0b4ad50bcd53bb76d32fb3309fedf4c7c6db88eeccccea73f5ec7ffc4eeb061455b39535c3e966843fd5b462d8fccdc9

  • SSDEEP

    49152:avvI22SsaNYfdPBldt698dBcjHK4GqBejwo2daDITHHB72eh2NT:avg22SsaNYfdPBldt6+dBcjHtGC

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.154:4782

Mutex

fc77cfe1-d80b-48cb-9d89-f3ae226a2e4f

Attributes
  • encryption_key

    A27F98046AFCBDB83B88F9A80F76106C932ED471

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE
