quasar | a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e | Triage

Submit
Reports

Overview

overview

Static

static

a53732f6b4...8e.exe

windows7-x64

a53732f6b4...8e.exe

windows10-2004-x64

Sharing

General

Target

a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe
Size

348KB
Sample

240927-vn3tzasdjr
MD5

1e9812a1888c470d13eb21fa9a782277
SHA1

567d226e5bb40bec7b3e93a740140df88ecdcd5c
SHA256

a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e
SHA512

6b9c5b38d9a09b63cee437b33611a5fcb4a43b5a56eec693279fac4bd4fef4c1971d2be8cd9b357ed2d2e84ca8b2f4b84876d31ea67c19d3c26dbf8b1e743f47
SSDEEP

6144:x7NHXf500MEZXBpc96nbsebHgAA7yITIXE8dWS:Fd50Yc96bMVL2E8AS

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe

Resource

win7-20240903-en

quasar office04 discovery spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe

Resource

win10v2004-20240802-en

quasar office04 discovery spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

192.168.234.157:1234

Mutex

QSR_MUTEX_5bycvm6yUpl1GsdPT8

Attributes

encryption_key
oHEH69w2AAxVFHtx6W9f
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe
- Size
  
  348KB
- MD5
  
  1e9812a1888c470d13eb21fa9a782277
- SHA1
  
  567d226e5bb40bec7b3e93a740140df88ecdcd5c
- SHA256
  
  a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e
- SHA512
  
  6b9c5b38d9a09b63cee437b33611a5fcb4a43b5a56eec693279fac4bd4fef4c1971d2be8cd9b357ed2d2e84ca8b2f4b84876d31ea67c19d3c26dbf8b1e743f47
- SSDEEP
  
  6144:x7NHXf500MEZXBpc96nbsebHgAA7yITIXE8dWS:Fd50Yc96bMVL2E8AS
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

behavioral2

quasaroffice04discoveryspywaretrojan

© 2018-2024

Terms | Privacy