quasar | ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887 | Triage

Submit
Reports

Overview

overview

Static

static

ff265b18fa...87.exe

windows7-x64

ff265b18fa...87.exe

windows10-2004-x64

Sharing

General

Target

ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
Size

3.1MB
Sample

240424-21sm4abc6w
MD5

9754bcea9ad1e5be5d7edddf86cc8937
SHA1

0a7f8c93c0cb54fd832635a3de08c5a9ba58fbb0
SHA256

ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
SHA512

2d8c2a0c6e9c7b475bc68cd039a8e7963a2e6ef1782da169d518f6e2a55b353588f9e2852d26cef42511891545a1ca1d2c4397381f63ba020c099f4b545d12a2
SSDEEP

49152:7vbI22SsaNYfdPBldt698dBcjHdr+PJHlLoGd0QTHHB72eh2NT:7vk22SsaNYfdPBldt6+dBcjHdr+n

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

6 signatures

Behavioral task

behavioral1

Sample

ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887.exe

Resource

win7-20240221-en

quasar office04 spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887.exe

Resource

win10v2004-20240412-en

quasar office04 spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

77.1000.147.5:5000

Mutex

8645f334-f417-44f7-8b2f-c2a2593ddd85

Attributes

encryption_key
6DC4F525708459987F1DD5D6736CBEE3F4BF2C3F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
- Size
  
  3.1MB
- MD5
  
  9754bcea9ad1e5be5d7edddf86cc8937
- SHA1
  
  0a7f8c93c0cb54fd832635a3de08c5a9ba58fbb0
- SHA256
  
  ff265b18fa85ef509bace3704e82123869830858d2d29193fa369e77eaa40887
- SHA512
  
  2d8c2a0c6e9c7b475bc68cd039a8e7963a2e6ef1782da169d518f6e2a55b353588f9e2852d26cef42511891545a1ca1d2c4397381f63ba020c099f4b545d12a2
- SSDEEP
  
  49152:7vbI22SsaNYfdPBldt698dBcjHdr+PJHlLoGd0QTHHB72eh2NT:7vk22SsaNYfdPBldt6+dBcjHdr+n
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy