quasar | 76de148ac9b1a4f05355202bc129130af14f507a9de7662015227b911cd73941 | Triage

Submit
Reports

Overview

overview

Static

static

Fatal - Free.exe

windows7-x64

Fatal - Free.exe

windows10-2004-x64

Sharing

General

Target

Fatal - Free.exe
Size

3.1MB
Sample

240606-v1qeeaab94
MD5

c0de0f57c69ae9b5aa1ce38896e14fd0
SHA1

e89157053a1af663cc465069ba6fc069813b2753
SHA256

76de148ac9b1a4f05355202bc129130af14f507a9de7662015227b911cd73941
SHA512

9389f777a1d8c864fbe25f92c0e79d87918cd8097b0cf3000534b82c5b8860cec5d81e4179a5ee90c4e43b997af2c1aef6447187a2f9570cd9bb256a231c2141
SSDEEP

49152:Wvkt62XlaSFNWPjljiFa2RoUYIvz7zQhoGd1gTHHB72eh2NT:Wv462XlaSFNWPjljiFXRoUYIvz7zi

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Fatal - Free.exe

Resource

win7-20240215-en

quasar office04 spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fatal - Free.exe

Resource

win10v2004-20240226-en

quasar office04 spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.3.37:4782

Mutex

f92406d0-04ae-497d-aa31-b25c24b863d2

Attributes

encryption_key
FD81B8715CDDADAE86DD8D24006A755C171092F8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Fatal - Free
subdirectory
SubDir

Targets

- Target
  
  Fatal - Free.exe
- Size
  
  3.1MB
- MD5
  
  c0de0f57c69ae9b5aa1ce38896e14fd0
- SHA1
  
  e89157053a1af663cc465069ba6fc069813b2753
- SHA256
  
  76de148ac9b1a4f05355202bc129130af14f507a9de7662015227b911cd73941
- SHA512
  
  9389f777a1d8c864fbe25f92c0e79d87918cd8097b0cf3000534b82c5b8860cec5d81e4179a5ee90c4e43b997af2c1aef6447187a2f9570cd9bb256a231c2141
- SSDEEP
  
  49152:Wvkt62XlaSFNWPjljiFa2RoUYIvz7zQhoGd1gTHHB72eh2NT:Wv462XlaSFNWPjljiFXRoUYIvz7zi
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy