Extracted

• • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    1fb05ef820095ff5e3e2b983f961ab7d

  • SHA1

    7bcf182863f90623cbf6d421edf4ef140d7088a1

  • SHA256

    6cf21856443fdd0c0c6e9b65bd641b3d20449f54247010899d2dcfbadeecce73

  • SHA512

    c2c1191023fde2bed2c53e8a643fc99832aa7b2ee3e7be5f54a423123db0f22ea2d9f67dac924116eedfdadf93ee29c79a9945999cd06e30ee7c976653cb7bb7

  • SSDEEP

    49152:ivBt62XlaSFNWPjljiFa2RoUYIR/xNESEmk/iiLoGdUTHHB72eh2NT:ivr62XlaSFNWPjljiFXRoUYIhxRs

  Score

  10^/10

  quasaroffice spywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2