Overview

overview

10

Static

static

10

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/04/2024, 03:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    3.1MB

  • MD5

    bdb26945bc93657af757183703e55479

  • SHA1

    51a1841c037523d738e56a584b646424530a24ba

  • SHA256

    c91ccb6f24c0a51bac8c3608ef4964bb09b3b0275277e79476a4cf7a462bacd3

  • SHA512

    cb247e0d5907279295f0e04211498effaa3c8db73baedfee2dcaf58ae5767f6f221f00bb745dd1affbcdbf89f4a796f0952224f15655d70a6c750490f176da53

  • SSDEEP

    49152:6vYt62XlaSFNWPjljiFa2RoUYI0IRJ6zbR3LoGdSjTHHB72eh2NT:6v062XlaSFNWPjljiFXRoUYI0IRJ6l

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

185.196.10.233:4782

Mutex

b0fcdfbd-bdd4-4a5d-8ab1-7217539d4db6

Attributes
  • encryption_key

    0EC03133971030F6D05E6D59F71626F6543BBE65

  • install_name

    gfdgfdg.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    fgfdhdgg

  • subdirectory

    gfgfgf

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2224

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2224-0-0x0000000000ED0000-0x00000000011F4000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/2224-1-0x00007FFF7EEC0000-0x00007FFF7F981000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2224-2-0x000000001BE00000-0x000000001BE10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2224-3-0x000000001C180000-0x000000001C1D0000-memory.dmp

          Filesize

          320KB

          Download

        • memory/2224-4-0x000000001C290000-0x000000001C342000-memory.dmp

          Filesize

          712KB

          Download

        • memory/2224-7-0x000000001C1F0000-0x000000001C202000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2224-8-0x000000001C250000-0x000000001C28C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2224-9-0x00007FFF7EEC0000-0x00007FFF7F981000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2224-10-0x000000001BE00000-0x000000001BE10000-memory.dmp

          Filesize

          64KB

          Download