quasar | 8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb | Triage

Submit
Reports

Overview

overview

Static

static

1

eCEDOE.html

windows11-21h2-x64

Sharing

General

Target

eCEDOE
Size

518B
Sample

240531-xn2b9ahf51
MD5

4d1663a0ae7ea388d58585f604fb83cd
SHA1

d5e81bc6f4913c2ccc586f573806f79833e5bf62
SHA256

8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb
SHA512

a0373a4571e290123a321368c899799ddde5ecc29cf6f7863b045cde580d8390852cfec292879fa65a15f5d7a971c1bd72b43da568d15ebb4286cac4c6455663

Score

10^/10

quasar office04 persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

eCEDOE.html

Resource

win11-20240426-en

quasar office04 persistence spyware trojan

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

37.19.205.146:4782

107.203.232.8:80

107.203.232.8:3012

77.111.246.47:3012

76.11.167.128:3012

Mutex

1cd14fab-fbed-4b3d-a27d-f64eca81a694

Attributes

encryption_key
C401F5E4B21F440F2783CBEC4404C9124B18FE39
install_name
SASRP Token Logger.exe
log_directory
Logs
reconnect_delay
2998
startup_key
SASRP | CIA RAT
subdirectory
SASRP_Token_Logger

Targets

- Target
  
  eCEDOE
- Size
  
  518B
- MD5
  
  4d1663a0ae7ea388d58585f604fb83cd
- SHA1
  
  d5e81bc6f4913c2ccc586f573806f79833e5bf62
- SHA256
  
  8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb
- SHA512
  
  a0373a4571e290123a321368c899799ddde5ecc29cf6f7863b045cde580d8390852cfec292879fa65a15f5d7a971c1bd72b43da568d15ebb4286cac4c6455663
Score

10^/10

quasar office04 persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04persistencespywaretrojan

© 2018-2024

Terms | Privacy