quasar | 4a04da4d657c3c6bc45ea42cfef67039cd51173159ce7b707467f69146e086f9 | Triage

Sharing

General

Target

4a04da4d657c3c6bc45ea42cfef67039cd51173159ce7b707467f69146e086f9.exe
Size

3.1MB
Sample

241002-bl8snazcpl
MD5

641cb02c429feb106094750765d0d6af
SHA1

db5be32e7ef7c5e93b7ef4f06bd6854f3a393cbd
SHA256

4a04da4d657c3c6bc45ea42cfef67039cd51173159ce7b707467f69146e086f9
SHA512

8c4baa95d860c22e0ede96da48136db417f61ec6b19fccb847d0317f775e77d1e299f80e2f19230055fabf9e91ec8dbb2d90b055ddeb75b4c714c971afbf37b9
SSDEEP

49152:TIMa8I9WtxU/Pom7ZlHMgK+YISxoJXFacCbG1JoQoGdLTHHB72eh2NT:TI38I9WtxU/Pom7ZlHMg8ISxoJXEcC4

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

39.102.36.209:4782

Mutex

6d2ccfb9-4bf8-4a23-933c-5674d8e6fac2

Attributes

encryption_key
F48794CF898BB4C5B6223D4F472D7C5E4AD2EF9D
install_name
Clienty.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  4a04da4d657c3c6bc45ea42cfef67039cd51173159ce7b707467f69146e086f9.exe
- Size
  
  3.1MB
- MD5
  
  641cb02c429feb106094750765d0d6af
- SHA1
  
  db5be32e7ef7c5e93b7ef4f06bd6854f3a393cbd
- SHA256
  
  4a04da4d657c3c6bc45ea42cfef67039cd51173159ce7b707467f69146e086f9
- SHA512
  
  8c4baa95d860c22e0ede96da48136db417f61ec6b19fccb847d0317f775e77d1e299f80e2f19230055fabf9e91ec8dbb2d90b055ddeb75b4c714c971afbf37b9
- SSDEEP
  
  49152:TIMa8I9WtxU/Pom7ZlHMgK+YISxoJXFacCbG1JoQoGdLTHHB72eh2NT:TI38I9WtxU/Pom7ZlHMg8ISxoJXEcC4
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan