quasar | 31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99 | Triage

User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

Sharing

General

Target

qauasariscrypted.exe.1
Size

6.4MB
Sample

240425-ghbawagc75
MD5

eb0beafcb365cd20eb00ff9e19b73232
SHA1

1a4470109418e1110588d52851e320ecefcba7de
SHA256

31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99
SHA512

8dff151e81b5ce3c4f51b1f24a6e7654c3008d81b6652e6d2f7fabc42d341e9db703b12f83ccf9471514498af3c1763ef97f132ad36302de8ccd984fbf52d52f
SSDEEP

98304:DpgFmZKkYcZ4YSQrKF78eHm8Xdt6Zz55JJ9enfr:uFmZOcZtrKFFHm8t0NJJo

Score

10^/10

quasar office04 microsoft persistence phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

185.196.10.233:4782

Mutex

b0fcdfbd-bdd4-4a5d-8ab1-7217539d4db6

Attributes

encryption_key
0EC03133971030F6D05E6D59F71626F6543BBE65
install_name
gfdgfdg.exe
log_directory
Logs
reconnect_delay
3000
startup_key
fgfdhdgg
subdirectory
gfgfgf

Targets

- Target
  
  qauasariscrypted.exe.1
- Size
  
  6.4MB
- MD5
  
  eb0beafcb365cd20eb00ff9e19b73232
- SHA1
  
  1a4470109418e1110588d52851e320ecefcba7de
- SHA256
  
  31b494be325fc9c97031135886454b1370e5e3608c757f74784c6b6fb2fb5c99
- SHA512
  
  8dff151e81b5ce3c4f51b1f24a6e7654c3008d81b6652e6d2f7fabc42d341e9db703b12f83ccf9471514498af3c1763ef97f132ad36302de8ccd984fbf52d52f
- SSDEEP
  
  98304:DpgFmZKkYcZ4YSQrKF78eHm8Xdt6Zz55JJ9enfr:uFmZOcZtrKFFHm8t0NJJo
Score

10^/10

quasar office04 persistence spyware trojan microsoft phishing
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04persistencespywaretrojan

behavioral2

quasaroffice04microsoftpersistencephishingspywaretrojan