quasar | b9d740895052ab2f57e092e12fea8e29b974b03a3c5a896007dcb931b9f9ed87 | Triage

Sharing

General

Target

Solara Installer.exe
Size

3.1MB
Sample

240811-peg81syfmr
MD5

ad5de829a91c7cbe1a4c1aa19194cc4f
SHA1

b4eb9f485f5b30204c67a6f2bbdd906e17a7dfb1
SHA256

b9d740895052ab2f57e092e12fea8e29b974b03a3c5a896007dcb931b9f9ed87
SHA512

1ff7e1541c0cd442266a0a35baf1464a5a6c5f9b13ae72b303bb3e1dad2781926a33b47d5c7c4e1dd9ddcf1403bac104722405b0f640e42d6bc8e7e29c7da09d
SSDEEP

49152:3vflL26AaNeWgPhlmVqvMQ7XSKMHRJ62bR3LoGd7THHB72eh2NT:3vtL26AaNeWgPhlmVqkQ7XSKMHRJ6w

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

realwz-34142.portmap.host:34142

Mutex

6eb5c908-87fa-4e33-a3b3-a6eaa2455bad

Attributes

encryption_key
458FF650B9D9D277FD5A8DC74175331B7B2FC1B9
install_name
Downloader.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
SubDir

Targets

- Target
  
  Solara Installer.exe
- Size
  
  3.1MB
- MD5
  
  ad5de829a91c7cbe1a4c1aa19194cc4f
- SHA1
  
  b4eb9f485f5b30204c67a6f2bbdd906e17a7dfb1
- SHA256
  
  b9d740895052ab2f57e092e12fea8e29b974b03a3c5a896007dcb931b9f9ed87
- SHA512
  
  1ff7e1541c0cd442266a0a35baf1464a5a6c5f9b13ae72b303bb3e1dad2781926a33b47d5c7c4e1dd9ddcf1403bac104722405b0f640e42d6bc8e7e29c7da09d
- SSDEEP
  
  49152:3vflL26AaNeWgPhlmVqvMQ7XSKMHRJ62bR3LoGd7THHB72eh2NT:3vtL26AaNeWgPhlmVqkQ7XSKMHRJ6w
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04discoveryspywaretrojan