Overview

overview

10

Static

static

1

Client-built.bat

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.bat

  • Size

    3.1MB

  • Sample

    240518-xer28aad35

  • MD5

    f84f053137001261cce9e31776b01e01

  • SHA1

    630a80e3a213dff1d4659ba2fac138f2ece9366d

  • SHA256

    e4f5178dbb9b0219959eacd99064373966d03f1489a10e20e1dd4431fb786bf7

  • SHA512

    47df65e8b5ac921bc9f53345374cf88b75fc1afc6804af79f1650c90f0b669376d177d61f273612ae7bdb11ac9aa55db70c4050fe79454d460269643601c2438

  • SSDEEP

    49152:62oqWZ7Vz0ECjGkh9OIrmu3+1NqCWrvE1pG:6+

Score
10/10
quasaroffice04executionspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.190:4782

Mutex

89963d93-8cbc-464c-9bab-6a9816182fbd

Attributes
  • encryption_key

    3C24DE579D826EDD5888A84E88B1691CD81FA44B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.bat

    • Size

      3.1MB

    • MD5

      f84f053137001261cce9e31776b01e01

    • SHA1

      630a80e3a213dff1d4659ba2fac138f2ece9366d

    • SHA256

      e4f5178dbb9b0219959eacd99064373966d03f1489a10e20e1dd4431fb786bf7

    • SHA512

      47df65e8b5ac921bc9f53345374cf88b75fc1afc6804af79f1650c90f0b669376d177d61f273612ae7bdb11ac9aa55db70c4050fe79454d460269643601c2438

    • SSDEEP

      49152:62oqWZ7Vz0ECjGkh9OIrmu3+1NqCWrvE1pG:6+

    Score
    10/10
    quasaroffice04executionspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks