Extracted

• • Target

    lñ{ñ{.exe

  • Size

    3.1MB

  • MD5

    9b5f1028980f25e4f159ce148c9694db

  • SHA1

    08ff1edd240a1cfd41ea87e335d5170745ea6dd7

  • SHA256

    4d8d5ec15e5b63e93b94e0b0a63545b05a7e05a9e9a60a82c597504a9047d89d

  • SHA512

    c1b7c18f8eae3ace437a9ba6a1d1cb593bd544b1a1c694a9ade0de92b38c7b4f902dec9883f9434ccc908f7434912caf7ca2f6d1058c8585885d975a75ccf80d

  • SSDEEP

    49152:DvyI22SsaNYfdPBldt698dBcjHp9S3zarDLoGdWCTHHB72eh2NT:Dvf22SsaNYfdPBldt6+dBcjH+3A

  Score

  10^/10

  quasaroffice04discoverymotwphishingspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • A potential corporate email address has been identified in the URL: [email protected]

    phishing

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    phishingmotw
  behavioral1