quasar | 148ba895996273e5b245a9764c65b18187186084105a3d037e12a48940d78684 | Triage

Submit
Reports

Overview

overview

Static

static

SkermEXEC.exe

windows10-1703-x64

Sharing

General

Target

SkermEXEC.exe
Size

3.1MB
Sample

240518-1tsh3sac79
MD5

d2684b91635d1e6367f3afcc5f69704f
SHA1

e11f64b35a4d006abcf3218c2b16350fa1811d37
SHA256

148ba895996273e5b245a9764c65b18187186084105a3d037e12a48940d78684
SHA512

06a7d6154c51c7a2f5dcdb6473a5c0122c568b852613e38e7359bd345cbb7f0ac511fb13c8d54c01ca309866208aa0e1ec4a738953050b52d34903feb7dc59d7
SSDEEP

49152:KvWI22SsaNYfdPBldt698dBcjHV5Ro6nbR3LoGduTTHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHV5Ro65

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

SkermEXEC.exe

Resource

win10-20240404-en

quasar office04 spyware trojan

windows10-1703-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

104.28.197.26:4782

Mutex

f195a5f9-5b8a-4ef1-ba41-ce79c45d3dad

Attributes

encryption_key
AAD5CB2ED96AC29ECF5D4BB5B9A38449017E4CAA
install_name
SkermEXEC.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  SkermEXEC.exe
- Size
  
  3.1MB
- MD5
  
  d2684b91635d1e6367f3afcc5f69704f
- SHA1
  
  e11f64b35a4d006abcf3218c2b16350fa1811d37
- SHA256
  
  148ba895996273e5b245a9764c65b18187186084105a3d037e12a48940d78684
- SHA512
  
  06a7d6154c51c7a2f5dcdb6473a5c0122c568b852613e38e7359bd345cbb7f0ac511fb13c8d54c01ca309866208aa0e1ec4a738953050b52d34903feb7dc59d7
- SSDEEP
  
  49152:KvWI22SsaNYfdPBldt698dBcjHV5Ro6nbR3LoGduTTHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHV5Ro65
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy