General

  • Target

    88c614

  • Size

    10KB

  • Sample

    240424-nzy7lahe55

  • MD5

    c9bc4f1003e2826fc337ee7bb4649e1a

  • SHA1

    3429338d02c8469874d7b89755d8abd0522d1aa2

  • SHA256

    0383ba1a5f400e3cdab2ab95650cf5110640b486d0fe9f840d332472db797255

  • SHA512

    cf7630bf6653db032fddd33fa7934d5d9c05a132006861bb5ed53e4d3f5192ccd9ef0bd70fbc408bf7238db4df109ddafe7e144af999df817b7d545d97285bb9

  • SSDEEP

    192:SuW1+DWDbSLZLILxLWq7qLKeLtLgTLeLXL+LbLhYLhTFMGQoFnwAuVfUV/6fLvfw:SuW1+DWDbSt0V4eepkTKTC/NYN5MGtnh

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.174.1:4782

Mutex

b7c44e7e-eda8-49c1-881f-dff3c8b1d0c9

Attributes

  • encryption_key

    CA9FF4F38A1F1118F7C85C31CA91417B492B6C09

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               | Technique                    | Hits | ID
  Execution            | Scheduled Task/Job           | 1    | T1053
  Persistence          | Scheduled Task/Job           | 1    | T1053
  Privilege Escalation | Scheduled Task/Job           | 1    | T1053
  Discovery            | Query Registry               | 2    | T1012
  Discovery            | System Information Discovery | 1    | T1082

Tasks