quasar | fc564833b7c6fc4e991eb80e075d1c36306b9828172609ad311216ec5fc647f4 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241031-atr97stlh1
MD5

dca77ba52c9e20bdb3fcb81657918f89
SHA1

7cec39d83783008bb9a151b2a71dbc1eb03a7bbf
SHA256

fc564833b7c6fc4e991eb80e075d1c36306b9828172609ad311216ec5fc647f4
SHA512

30fe235a26fe74a1fe27caafe059ee5463790252b046a5e467a0d938f1b77a05c0850a37883066a0d4c7bbd11f1bf36bf7a35e4ef3da86d4f7b2c240f2d8929a
SSDEEP

49152:uv3I22SsaNYfdPBldt698dBcjHOezFXear1QoGdiWTHHB72eh2NT:uv422SsaNYfdPBldt6+dBcjHXZXK

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10ltsc2021-20241023-en

quasar office04 spyware trojan

windows10-ltsc 2021-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.127.1.2:1604

Mutex

93b40a09-fbd7-4b29-8423-560b40061e4f

Attributes

encryption_key
55EAC2BE7559DA6721E45ED8C2349D6EFC3C9EE2
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  dca77ba52c9e20bdb3fcb81657918f89
- SHA1
  
  7cec39d83783008bb9a151b2a71dbc1eb03a7bbf
- SHA256
  
  fc564833b7c6fc4e991eb80e075d1c36306b9828172609ad311216ec5fc647f4
- SHA512
  
  30fe235a26fe74a1fe27caafe059ee5463790252b046a5e467a0d938f1b77a05c0850a37883066a0d4c7bbd11f1bf36bf7a35e4ef3da86d4f7b2c240f2d8929a
- SSDEEP
  
  49152:uv3I22SsaNYfdPBldt698dBcjHOezFXear1QoGdiWTHHB72eh2NT:uv422SsaNYfdPBldt6+dBcjHXZXK
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy