quasar | 6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee | Triage

Submit
Reports

Overview

overview

Static

static

6ffb3717d7...ee.exe

windows7-x64

6ffb3717d7...ee.exe

windows10-2004-x64

Sharing

General

Target

6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee
Size

3.1MB
Sample

240614-2hsv5syflb
MD5

5be228f80c4787e5b4b5d4d49b74f3f8
SHA1

1044191469a2ce9ba3e051d843016dd6f6457696
SHA256

6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee
SHA512

e664adccfaf7519c25d59312b49d72d1241e1e257d5e6bd7551186d0480f3864f87cd487bc6f098c3f6c5bd5e75655fae9f072f57e765ff0aa70db593857fb16
SSDEEP

49152:DvrI22SsaNYfdPBldt698dBcjHIsk41JHroGddqYTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHIskkA

Score

10^/10

quasar office01 spyware trojan

Static task

static1

office01 quasar

6 signatures

Behavioral task

behavioral1

Sample

6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee.exe

Resource

win7-20240508-en

quasar office01 spyware trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee.exe

Resource

win10v2004-20240611-en

quasar office01 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office01

C2

salchipingo2-53080.portmap.host:53080

Mutex

90649688-30a6-4c67-b372-718aef814cc7

Attributes

encryption_key
854146EBC4756C532297D74168447215895A17F4
install_name
Lenzs.exe
log_directory
Logs
reconnect_delay
3000
startup_key
v Startup
subdirectory
SubDir

Targets

- Target
  
  6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee
- Size
  
  3.1MB
- MD5
  
  5be228f80c4787e5b4b5d4d49b74f3f8
- SHA1
  
  1044191469a2ce9ba3e051d843016dd6f6457696
- SHA256
  
  6ffb3717d7be4a8c03ec2c9ed3678ba9804696d38078cb1c2d1924487e2912ee
- SHA512
  
  e664adccfaf7519c25d59312b49d72d1241e1e257d5e6bd7551186d0480f3864f87cd487bc6f098c3f6c5bd5e75655fae9f072f57e765ff0aa70db593857fb16
- SSDEEP
  
  49152:DvrI22SsaNYfdPBldt698dBcjHIsk41JHroGddqYTHHB72eh2NT:DvU22SsaNYfdPBldt6+dBcjHIskkA
Score

10^/10

quasar office01 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

quasaroffice01spywaretrojan

behavioral2

quasaroffice01spywaretrojan

© 2018-2024

Terms | Privacy