quasar | f8b020a7d73dd702f0be5c3b77c4de8ee142bd5a3aac3f4ebc64f16fa9715985 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Hello.zip
Size

1.2MB
Sample

240602-3mttnsce25
MD5

71a5a0777c905188d8d419b0e4914fd5
SHA1

a2f0d35a8a4eedeb574db6dc5bb6cff8d4f0eef9
SHA256

f8b020a7d73dd702f0be5c3b77c4de8ee142bd5a3aac3f4ebc64f16fa9715985
SHA512

66da0f340079383705c195dee3e23e55fa101287817e0ae06aa6a3187edb4136ce7a357615c026f30c13de899906bf440cf7c4902dfa421b0bcbee2f08ee4698
SSDEEP

24576:8puqb2UP1BfGLkWW1BpE82gk2T5qYc5ey3J8kerpMDvCx9e:3UP1BfGQWCBeAT5qYue0JYpMDvCx9e

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240221-en

quasar office04 spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20240426-en

quasar office04 spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.1:4782

88.98.207.207:4782

192.168.1.211:4782

Mutex

6d19d2f9-1235-4b10-a1dd-486dc3edd052

Attributes

encryption_key
12AE26995FE0F312DC3ADA3C8CD142053AD088CA
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  87c807da5b4a2a646390105dac94bc61
- SHA1
  
  597d80ed4349e431c5c059ee655c93a0c68e6528
- SHA256
  
  459c4c1fbef1557b5f4ead03465530713785c9cb48e2b365f5affe8e93dbec5f
- SHA512
  
  825df40a735987d48d328193260f885294c683c12cbb18ae5d07b889c3b7482a90cd02f05aac2d3c362fa817b6502cbec2ae6f0a6378477a9663ef477408ee9f
- SSDEEP
  
  49152:uvtG42pda6D+/PjlLOlg6yQipVAQRJ6abR3LoGdfTHHB72eh2NT:uvE42pda6D+/PjlLOlZyQipVAQRJ60
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy