quasar | de51a9e30c97ce174b36d20b3dcadd6f5b3ed330491413373244813d36e6d3d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client-built.exe
Size

3.1MB
Sample

240915-fz8f9sxdkg
MD5

0e7400b7962021524550a5736d4c568d
SHA1

517654e75ee5ac6581efdebf7ac55ffb4961452f
SHA256

de51a9e30c97ce174b36d20b3dcadd6f5b3ed330491413373244813d36e6d3d5
SHA512

f7ba6f8ee3b4ba0b119691876c1c8db8064dbe72e7dc8225192d6d70ce7f35837a8fed25d168a8d0cb23f53c1034de3eb1e6d3eab5d60b66b40ff10739cebe8d
SSDEEP

49152:CvilL26AaNeWgPhlmVqvMQ7XSKi1RJ6JbR3LoGdM4THHB72eh2NT:CvaL26AaNeWgPhlmVqkQ7XSKi1RJ6L

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

23.84.85.170:3389

23.84.85.170:2032

Mutex

91e4434c-ab59-4a1a-931f-bd0739545abc

Attributes

encryption_key
043DA72868D75E77D6E7D6B34CDE151E7FD08F30
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  0e7400b7962021524550a5736d4c568d
- SHA1
  
  517654e75ee5ac6581efdebf7ac55ffb4961452f
- SHA256
  
  de51a9e30c97ce174b36d20b3dcadd6f5b3ed330491413373244813d36e6d3d5
- SHA512
  
  f7ba6f8ee3b4ba0b119691876c1c8db8064dbe72e7dc8225192d6d70ce7f35837a8fed25d168a8d0cb23f53c1034de3eb1e6d3eab5d60b66b40ff10739cebe8d
- SSDEEP
  
  49152:CvilL26AaNeWgPhlmVqvMQ7XSKi1RJ6JbR3LoGdM4THHB72eh2NT:CvaL26AaNeWgPhlmVqkQ7XSKi1RJ6L
Score

10^/10

quasar office04 spyware trojan discovery
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04discoveryspywaretrojan