quasar | 0fa8e2b1073b28e1941150d9ff1651b4dfce15cb1a0ccdcd33d5caca3af20db0 | Triage

Sharing

General

Target

Roblox exploit 2024.7z
Size

922KB
Sample

241104-wxc6caxmbk
MD5

b83419ff541c2f78be5921c4c150aa2f
SHA1

2b0a73d56cf4af03d0b1eb51d7e2092f320972f0
SHA256

0fa8e2b1073b28e1941150d9ff1651b4dfce15cb1a0ccdcd33d5caca3af20db0
SHA512

d9faa15debc5bcae1d391f8cf6f713f2bf8996c64ca4b05f1bddb5f47a7c3980dbc5b784d4791f3a41739b8443fce6a224bcb7ee3654761698f02918b7c5f6a8
SSDEEP

24576:uc92iZi0TVp6x0W7GjN59lfzlPRdAeqoeTy4x3kNp6k:um2iZnV8x0W+Npko0ny1

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Inversin-43597.portmap.host:43597

Mutex

80329fd2-f063-4b06-9c7e-8dbc6278c2a3

Attributes

encryption_key
744EA1A385FEBC6DA96387411B7000D77E66B075
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
java updater
subdirectory
SubDir

Targets

- Target
  
  Roblox exploit 2024.7z
- Size
  
  922KB
- MD5
  
  b83419ff541c2f78be5921c4c150aa2f
- SHA1
  
  2b0a73d56cf4af03d0b1eb51d7e2092f320972f0
- SHA256
  
  0fa8e2b1073b28e1941150d9ff1651b4dfce15cb1a0ccdcd33d5caca3af20db0
- SHA512
  
  d9faa15debc5bcae1d391f8cf6f713f2bf8996c64ca4b05f1bddb5f47a7c3980dbc5b784d4791f3a41739b8443fce6a224bcb7ee3654761698f02918b7c5f6a8
- SSDEEP
  
  24576:uc92iZi0TVp6x0W7GjN59lfzlPRdAeqoeTy4x3kNp6k:um2iZnV8x0W+Npko0ny1
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan