quasar | 58671062765c541f858551837525536a08babe3f9f61e49dad5164afdce228fa | Triage

Submit
Reports

Overview

overview

Static

static

Plasma/Pla...ta.exe

windows7-x64

Plasma/Pla...ta.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Outdated
Size

1.2MB
Sample

241011-2splgaybrf
MD5

2628b476ac0a2be8ff8bca677a8be600
SHA1

0edb12ce4ae958153dd44fd2c48042f128046767
SHA256

58671062765c541f858551837525536a08babe3f9f61e49dad5164afdce228fa
SHA512

d12c5f9ded4601e541da62b537545a5333f1030508be2dbf55073cba92d60da11da0419c0f678d465fd140d0cfffd2d45ccdf04a3da6030b4d833c73f1dfd309
SSDEEP

24576:rRniNa+NlBMfWBe+nATvF76F+01W9EWlNlMVi/lfd7uA8WFLIfb5C:rliNFfYMRApG4/rNlMM9fd7u0FiNC

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Plasma/Plasma-Beta.exe

Resource

win7-20240903-en

quasar office04 spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Plasma/Plasma-Beta.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.70:5454

192.168.56.1:5454

Mutex

8b85854a-41b9-4faf-aab9-2182138da5b7

Attributes

encryption_key
B3D003255520CFACB7575FB2F190499512644F97
install_name
Plasma-Beta.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Plasma/Plasma-Beta.exe
- Size
  
  3.1MB
- MD5
  
  a3127d05d890aaa4cad803ba51689d0e
- SHA1
  
  2928db5752c6f637ec7528da8ba0862426161bb6
- SHA256
  
  d1f6f7ec908462ac1bcb57b8b7de7e947f29648d8814130a1af6439d772b6cd1
- SHA512
  
  9093b8c93a7487e220c92c28ec374f9ddf8a6a663003f636e5c2f0ca98ed4cdb0e7dfee1c777c23e2f1ef967b0d28803be322eac2efa647d6e4d1764cdb30324
- SSDEEP
  
  49152:Tv8G42pda6D+/PjlLOlg6yQipVscRJ6IbR3LoGdIxTHHB72eh2NT:TvH42pda6D+/PjlLOlZyQipVscRJ6i
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy