quasar | 37b5e44f7394fbc1263d053482c71406e8dcac97ede0f682750941227868a186 | Triage

Submit
Reports

Overview

overview

Static

static

1

Lowx ULP (3).txt

windows11-21h2-x64

Sharing

General

Target

Lowx ULP (3).txt
Size

193.2MB
Sample

241024-qgx8pasfml
MD5

e10c6ea5ab170c21210bb2118994756c
SHA1

6fffa814632f89ed586f4378ae136cf69b4faef4
SHA256

37b5e44f7394fbc1263d053482c71406e8dcac97ede0f682750941227868a186
SHA512

f310483b6404850b91eaedc6c4b55e5bb294f8713f5f16d81af129bca73b157b22675ba93023f9ac1dcba6e3b209df99156d58bc3c12c71882d36c4549da3d51
SSDEEP

393216:eNvyHFXclcqMb1Z75dttWJzMe4eIencimZkJ/2SI34+JZrF:MvyHFXcrMbn7Ptt4zMe4ehnL3ZwlZ5

Score

10^/10

quasar office04 defense_evasion discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Lowx ULP (3).txt

Resource

win11-20241007-en

quasar office04 defense_evasion discovery spyware trojan

windows11-21h2-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.56.1:4782

Mutex

93eaae4f-2916-40db-9679-8f9946015308

Attributes

encryption_key
906C0450C271523704E6192252A966F36F9EBE6F
install_name
Windowupdata.exe
log_directory
Logs
reconnect_delay
3000
startup_key
windowupdata
subdirectory
SubDir

Targets

- Target
  
  Lowx ULP (3).txt
- Size
  
  193.2MB
- MD5
  
  e10c6ea5ab170c21210bb2118994756c
- SHA1
  
  6fffa814632f89ed586f4378ae136cf69b4faef4
- SHA256
  
  37b5e44f7394fbc1263d053482c71406e8dcac97ede0f682750941227868a186
- SHA512
  
  f310483b6404850b91eaedc6c4b55e5bb294f8713f5f16d81af129bca73b157b22675ba93023f9ac1dcba6e3b209df99156d58bc3c12c71882d36c4549da3d51
- SSDEEP
  
  393216:eNvyHFXclcqMb1Z75dttWJzMe4eIencimZkJ/2SI34+JZrF:MvyHFXcrMbn7Ptt4zMe4ehnL3ZwlZ5
Score

10^/10

quasar office04 defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04defense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy