quasar | ce508fa9511aa4309eac4918f01af343cdd2bce0c73e9bce9e4206a13582e17d | Triage

Sharing

General

Target

ai6lyo.cmd
Size

1.6MB
Sample

241031-s7dyvasmam
MD5

0f8ecd82f53888d03ee36e78225181fb
SHA1

3abe8ed58265316c75158065443a6318a6318f9d
SHA256

ce508fa9511aa4309eac4918f01af343cdd2bce0c73e9bce9e4206a13582e17d
SHA512

aae702e1479c0fc780e3f8ff9933c396df79e5b753eda570c6b0d3b95091bbfe2b0bfab408279b9f9cf350022d69904c94cb2b543fc3d5f221557e1b80b5994e
SSDEEP

24576:KZHDpueS6SQJIkbxXB8PYnzvqaUgGKWGO+rXnarj2kFbrHHmQKnPd9ygZ3nalxEE:m79v9PiZdDDasP

Score

10^/10

quasar office04 execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

45.200.148.197:8080

Mutex

b24e0ed5-7881-48ee-84be-d87223f56093

Attributes

encryption_key
561A2408C473BBAB7B3AD5B4005F5481E98E07AC
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  ai6lyo.cmd
- Size
  
  1.6MB
- MD5
  
  0f8ecd82f53888d03ee36e78225181fb
- SHA1
  
  3abe8ed58265316c75158065443a6318a6318f9d
- SHA256
  
  ce508fa9511aa4309eac4918f01af343cdd2bce0c73e9bce9e4206a13582e17d
- SHA512
  
  aae702e1479c0fc780e3f8ff9933c396df79e5b753eda570c6b0d3b95091bbfe2b0bfab408279b9f9cf350022d69904c94cb2b543fc3d5f221557e1b80b5994e
- SSDEEP
  
  24576:KZHDpueS6SQJIkbxXB8PYnzvqaUgGKWGO+rXnarj2kFbrHHmQKnPd9ygZ3nalxEE:m79v9PiZdDDasP
Score

10^/10

execution quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04executionspywaretrojan