quasar | 9fe210a11e62457a2913c5501e50ef80d2c8cd1120d938432626eb914909f801 | Triage

Submit
Reports

Overview

overview

Static

static

1

Inversin2.first.ovpn

windows10-ltsc 2021-x64

Sharing

General

Target

Inversin2.first.ovpn
Size

4KB
Sample

241105-e196tavbkd
MD5

8456942100eaf536bb9edf30afbe3b64
SHA1

de1ebc945ac0d5cc7161370d69b763b6211ac2e7
SHA256

9fe210a11e62457a2913c5501e50ef80d2c8cd1120d938432626eb914909f801
SHA512

49283477fda01d06d3cd2107ea37687620a957899284f613ac81a713ec1b27fafeac320c3476e34e2a8c63b169e7e671e76478398fe955282f607201751f9970
SSDEEP

96:6aNr6IA3AeOY6hXrVfaCy+tF4ucaLlK3Az6E0H61Wdc6jlcx+V7Px6i6s:6aNr6IDRy+tWucaLjZ04sc6WxM7Z6ib

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Inversin2.first.ovpn

Resource

win10ltsc2021-20241023-en

quasar office04 discovery spyware trojan

windows10-ltsc 2021-x64

28 signatures

1800 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
5000

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.127.1.127:4782

Mutex

27b4bceb-071c-49a0-8bca-3a989c114a17

Attributes

encryption_key
EAEDFD6C6C0EA0BF7F7A63603931D231453DE1D6
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Inversin2.first.ovpn
- Size
  
  4KB
- MD5
  
  8456942100eaf536bb9edf30afbe3b64
- SHA1
  
  de1ebc945ac0d5cc7161370d69b763b6211ac2e7
- SHA256
  
  9fe210a11e62457a2913c5501e50ef80d2c8cd1120d938432626eb914909f801
- SHA512
  
  49283477fda01d06d3cd2107ea37687620a957899284f613ac81a713ec1b27fafeac320c3476e34e2a8c63b169e7e671e76478398fe955282f607201751f9970
- SSDEEP
  
  96:6aNr6IA3AeOY6hXrVfaCy+tF4ucaLlK3Az6E0H61Wdc6jlcx+V7Px6i6s:6aNr6IDRy+tWucaLjZ04sc6WxM7Z6ib
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

© 2018-2024

Terms | Privacy