quasar | f80608ffcfae5dd4255704e7a65fca72882dce5b23d3fda13c11e560c4c45d20 | Triage

Sharing

General

Target

ss.exe
Size

3.1MB
Sample

240526-mq8t1agb58
MD5

e786c5e43fd18c2059613d5e7d490cde
SHA1

adef35755782160a2bb8977efbbcaa747a3e07cd
SHA256

f80608ffcfae5dd4255704e7a65fca72882dce5b23d3fda13c11e560c4c45d20
SHA512

09310d47dd39722042f9551a2eb21b3fec1f1a05123fa92164940a70466b7cfc1bd56a15ca7c90ebac01c8933da1cccc5dc889a0f91d476b0d214edfa211593f
SSDEEP

98304:3vJL26AaNeWgPhlmVqkQ7XSKJdRJ67n4:fH4SwK

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

bin-inspections.gl.at.ply.gg:64055

Mutex

536deaa9-57d2-448a-ae01-b604426d7fa6

Attributes

encryption_key
DBB529B3F56F6D23695F8D7AC9BA28484A0D6D0F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  ss.exe
- Size
  
  3.1MB
- MD5
  
  e786c5e43fd18c2059613d5e7d490cde
- SHA1
  
  adef35755782160a2bb8977efbbcaa747a3e07cd
- SHA256
  
  f80608ffcfae5dd4255704e7a65fca72882dce5b23d3fda13c11e560c4c45d20
- SHA512
  
  09310d47dd39722042f9551a2eb21b3fec1f1a05123fa92164940a70466b7cfc1bd56a15ca7c90ebac01c8933da1cccc5dc889a0f91d476b0d214edfa211593f
- SSDEEP
  
  98304:3vJL26AaNeWgPhlmVqkQ7XSKJdRJ67n4:fH4SwK
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan