quasar | f6cb09e109a5cbcd9286b293464ee0fa8ca4a846ccc59b0dfa53c114d74b1093 | Triage

Sharing

General

Target

setup.exe
Size

3.1MB
Sample

240519-t89ycaga34
MD5

85f1c33bca15aed885f2a211c7a16ace
SHA1

4ca79b4c8e8d6a3e7023d94f98c8c4d53e363934
SHA256

f6cb09e109a5cbcd9286b293464ee0fa8ca4a846ccc59b0dfa53c114d74b1093
SHA512

c319cc1cbd39bc1508288f357c4f7fd9fa907fa5d4377f6b7b9e37e3a76e91fcbf62d989b27019a47c95ee51895a794fb5eb5c6c19a639e2636d4eb8f22f6651
SSDEEP

49152:WvyI22SsaNYfdPBldt698dBcjHRmDkE2HNk/+FVoGdvVTHHB72eh2NT:Wvf22SsaNYfdPBldt6+dBcjHRmD2X

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

86.9.95.137:4782

Mutex

d09b8b98-ea9c-49d4-bfd3-04dda7a80cde

Attributes

encryption_key
F26B2A96E9FB88BAB8A8E7F9F9A1630733DE7809
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
windows defender
subdirectory
SubDir

Targets

- Target
  
  setup.exe
- Size
  
  3.1MB
- MD5
  
  85f1c33bca15aed885f2a211c7a16ace
- SHA1
  
  4ca79b4c8e8d6a3e7023d94f98c8c4d53e363934
- SHA256
  
  f6cb09e109a5cbcd9286b293464ee0fa8ca4a846ccc59b0dfa53c114d74b1093
- SHA512
  
  c319cc1cbd39bc1508288f357c4f7fd9fa907fa5d4377f6b7b9e37e3a76e91fcbf62d989b27019a47c95ee51895a794fb5eb5c6c19a639e2636d4eb8f22f6651
- SSDEEP
  
  49152:WvyI22SsaNYfdPBldt698dBcjHRmDkE2HNk/+FVoGdvVTHHB72eh2NT:Wvf22SsaNYfdPBldt6+dBcjHRmD2X
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan