quasar | aa3170ce6b4bbd9960ac0ccd60f7d0b39cc0d28254bfe73545b540cbd8444b21 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Resubmissions

15/10/2024, 18:43 UTC

241015-xcv14avdjn 10

15/10/2024, 00:19 UTC

241015-al9jhstelf 10

15/10/2024, 00:16 UTC

241015-akkh1atdpd 10

14/10/2024, 23:42 UTC

241014-3qeh6awdrq 10

14/10/2024, 23:27 UTC

241014-3fm3jswaqk 10

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241015-akkh1atdpd
MD5

e35d832888fda0fd705386a4b94ecc49
SHA1

86380c3eea496c7947c25c547748cfeed51c4de9
SHA256

aa3170ce6b4bbd9960ac0ccd60f7d0b39cc0d28254bfe73545b540cbd8444b21
SHA512

60d6aec705948474fa007dad26fdba9b92dcb1098aefb4eed2898af7b048729e4a3ee5af7e7b9ca9e555b97b54f6d97007dfc1531d0abb9e5da01b5911c5fd63
SSDEEP

49152:Av4lL26AaNeWgPhlmVqvMQ7XSKNEREuY4oGdPwTHHB72eh2NT:AvQL26AaNeWgPhlmVqkQ7XSKmREuT

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20241007-en

quasar office04 discovery spyware trojan

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

HomoThugger-36407.portmap.host:36407

Mutex

42d6f4c0-e8fc-473a-b92d-ded3fb29334a

Attributes

encryption_key
3CDA48FEB25557C87485A9F37CDC861398BEA3C7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  e35d832888fda0fd705386a4b94ecc49
- SHA1
  
  86380c3eea496c7947c25c547748cfeed51c4de9
- SHA256
  
  aa3170ce6b4bbd9960ac0ccd60f7d0b39cc0d28254bfe73545b540cbd8444b21
- SHA512
  
  60d6aec705948474fa007dad26fdba9b92dcb1098aefb4eed2898af7b048729e4a3ee5af7e7b9ca9e555b97b54f6d97007dfc1531d0abb9e5da01b5911c5fd63
- SSDEEP
  
  49152:Av4lL26AaNeWgPhlmVqvMQ7XSKNEREuY4oGdPwTHHB72eh2NT:AvQL26AaNeWgPhlmVqkQ7XSKmREuT
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.