quasar | 0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50 | Triage

Sharing

General

Target

0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
Size

6.0MB
Sample

240501-treqwadb63
MD5

4d05ea664b21ab95e888f456afa1a7a8
SHA1

b4ddeb5b9c83cd8ff02004f52751d1298212a37c
SHA256

0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
SHA512

05825d447257267ab9079f15f31565dc7bf88dc6293ccf9ca93bee67a63ef1a68ee29b5a54d33336a4864e326b90239fc34b13831e1243b1390a96f5214aad20
SSDEEP

98304:aBDvEtGdg2pgJTJSCYLCWcpc2tlbWvKUeR+T8u0:aBDt9gJTXYGWcRtlivOA

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

93.123.85.108:4782

Mutex

e14b8f59-979b-4ebf-8602-dd3c4d6c301e

Attributes

encryption_key
534734397C0FA9A1D28F061AD75DF4100BFF5787
install_name
Msconfig.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
- Size
  
  6.0MB
- MD5
  
  4d05ea664b21ab95e888f456afa1a7a8
- SHA1
  
  b4ddeb5b9c83cd8ff02004f52751d1298212a37c
- SHA256
  
  0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a94acc50
- SHA512
  
  05825d447257267ab9079f15f31565dc7bf88dc6293ccf9ca93bee67a63ef1a68ee29b5a54d33336a4864e326b90239fc34b13831e1243b1390a96f5214aad20
- SSDEEP
  
  98304:aBDvEtGdg2pgJTJSCYLCWcpc2tlbWvKUeR+T8u0:aBDt9gJTXYGWcRtlivOA
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan