quasar | e69fe746cdcd081f7dda3d507a3d0ea706c421e6857e138f7880ade96a9c03de | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

240425-vav7zach45
MD5

b562aa20ac8830c5573e6251e756b413
SHA1

fc2ffa2c1cf75f6bc9a49b50f80e7903778f5511
SHA256

e69fe746cdcd081f7dda3d507a3d0ea706c421e6857e138f7880ade96a9c03de
SHA512

be02f217ff67d29ee3e26ad2eec0dd4468009c05f123ca0e98cf77f850ea85d40165f38626b437d64afad923ee2d46499f2efb3654b6c7d8e49406967195b78e
SSDEEP

49152:ovRL82kyaNnwxPlllSWxc9LpQXwvRJ6CbR3LoGdqTHHB72eh2NT:ovJ82kyaNnwxPlllSWa9LpQXwvRJ68

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Enslotheya2-61094.portmap.host:4782

Enslotheya2-61094.portmap.host:46201

193.161.193.99:4782

193.161.193.99:61094

193.161.193.99:46201

Mutex

8ea6b073-ee8d-4f7f-8fba-1e280e616d24

Attributes

encryption_key
74E1B4AC3CD2ECB5E4C2870E4E135FA00D21CA8C
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  b562aa20ac8830c5573e6251e756b413
- SHA1
  
  fc2ffa2c1cf75f6bc9a49b50f80e7903778f5511
- SHA256
  
  e69fe746cdcd081f7dda3d507a3d0ea706c421e6857e138f7880ade96a9c03de
- SHA512
  
  be02f217ff67d29ee3e26ad2eec0dd4468009c05f123ca0e98cf77f850ea85d40165f38626b437d64afad923ee2d46499f2efb3654b6c7d8e49406967195b78e
- SSDEEP
  
  49152:ovRL82kyaNnwxPlllSWxc9LpQXwvRJ6CbR3LoGdqTHHB72eh2NT:ovJ82kyaNnwxPlllSWa9LpQXwvRJ68
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan