quasar | fbddeaf86a083721946b6a3d9731ca3acea8246d3ee2fc2ee1f75eff2b927d53 | Triage

Sharing

General

Target

eb0beafcb365cd20eb00ff9e19b73232.bin
Size

4.5MB
Sample

240425-cwwfradh4z
MD5

8f80cea0fb1a6548d123ab7b79485a03
SHA1

75089ce182c66f0ce6c5b141a3aac83ebedd4756
SHA256

fbddeaf86a083721946b6a3d9731ca3acea8246d3ee2fc2ee1f75eff2b927d53
SHA512

df5c798271f42d3fcbd6465dcc6c0c771726f2e688962c70309b5fea6751ccc404c137d3b701dd458975eff90456a70717bb11c08046b4e6c6290f46544a7c84
SSDEEP

98304:laoxqMylE3FVfl3Pm2sWN0zPogWSSE6ffU+bxAzT+RPAx:laoxNyYFVfE2sWNAD6E+bSH+6x

Score

10^/10

quasar office04 persistence spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

185.196.10.233:4782

Mutex

b0fcdfbd-bdd4-4a5d-8ab1-7217539d4db6

Attributes

encryption_key
0EC03133971030F6D05E6D59F71626F6543BBE65
install_name
gfdgfdg.exe
log_directory
Logs
reconnect_delay
3000
startup_key
fgfdhdgg
subdirectory
gfgfgf

Targets

- Target
  
  31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99.exe
- Size
  
  6.4MB
- MD5
  
  eb0beafcb365cd20eb00ff9e19b73232
- SHA1
  
  1a4470109418e1110588d52851e320ecefcba7de
- SHA256
  
  31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99
- SHA512
  
  8dff151e81b5ce3c4f51b1f24a6e7654c3008d81b6652e6d2f7fabc42d341e9db703b12f83ccf9471514498af3c1763ef97f132ad36302de8ccd984fbf52d52f
- SSDEEP
  
  98304:DpgFmZKkYcZ4YSQrKF78eHm8Xdt6Zz55JJ9enfr:uFmZOcZtrKFFHm8t0NJJo
Score

10^/10

quasar office04 persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04persistencespywaretrojan

behavioral2

quasaroffice04persistencespywaretrojan