quasar | 8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb | Triage

Submit
Reports

Overview

overview

Static

static

1

eCEDOE.html

windows11-21h2-x64

Sharing

General

Target

eCEDOE
Size

518B
Sample

240531-xn2b9ahf51
MD5

4d1663a0ae7ea388d58585f604fb83cd
SHA1

d5e81bc6f4913c2ccc586f573806f79833e5bf62
SHA256

8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb
SHA512

a0373a4571e290123a321368c899799ddde5ecc29cf6f7863b045cde580d8390852cfec292879fa65a15f5d7a971c1bd72b43da568d15ebb4286cac4c6455663

Score

10^/10

quasar office04 persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

eCEDOE.html

Resource

win11-20240426-en

quasar office04 persistence spyware trojan

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

37.19.205.146:4782

107.203.232.8:80

107.203.232.8:3012

77.111.246.47:3012

76.11.167.128:3012

Mutex

1cd14fab-fbed-4b3d-a27d-f64eca81a694

Attributes

encryption_key
C401F5E4B21F440F2783CBEC4404C9124B18FE39
install_name
SASRP Token Logger.exe
log_directory
Logs
reconnect_delay
2998
startup_key
SASRP | CIA RAT
subdirectory
SASRP_Token_Logger

Targets

- Target
  
  eCEDOE
- Size
  
  518B
- MD5
  
  4d1663a0ae7ea388d58585f604fb83cd
- SHA1
  
  d5e81bc6f4913c2ccc586f573806f79833e5bf62
- SHA256
  
  8ff6a899594731102074028794a8fab31d38857a976a0bb90b341f7f8b8554cb
- SHA512
  
  a0373a4571e290123a321368c899799ddde5ecc29cf6f7863b045cde580d8390852cfec292879fa65a15f5d7a971c1bd72b43da568d15ebb4286cac4c6455663
Score

10^/10

quasar office04 persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04persistencespywaretrojan

© 2018-2024

Terms | Privacy