quasar | b2dc53182a52e5c69dadc178d78293ba0279bab390060706aea82e06d6d0ee38 | Triage

Sharing

General

Target

b2dc53182a52e5c69dadc178d78293ba0279bab390060706aea82e06d6d0ee38
Size

3.1MB
Sample

241107-v3d46awgna
MD5

65d9cfbe768bb4f5840ef5ce4610491d
SHA1

9a6c333de102612e87b2b5e77250fc157d8e3b2c
SHA256

b2dc53182a52e5c69dadc178d78293ba0279bab390060706aea82e06d6d0ee38
SHA512

8109122d52b62fb9801a127aa1c7939eef5544c491696d6f251e0d622eda39a0b30d8a0faf3b7c655fd080e83e52b0525329fff8e440fc29b54fa7d4b4acc7ba
SSDEEP

49152:zvCI22SsaNYfdPBldt698dBcjH5bQau5p+5k/eLoGdqYPTHHB72eh2NT:zvP22SsaNYfdPBldt6+dBcjHCa/t

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

79.110.49.113:4782

Mutex

80cc45d9-dc43-44b3-ac80-ecdaba7021d0

Attributes

encryption_key
3EE23A56AD46569523F47CC2BF5DF3AC7BD43361
install_name
wininit.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Security
subdirectory
SubDir

Targets

- Target
  
  b2dc53182a52e5c69dadc178d78293ba0279bab390060706aea82e06d6d0ee38
- Size
  
  3.1MB
- MD5
  
  65d9cfbe768bb4f5840ef5ce4610491d
- SHA1
  
  9a6c333de102612e87b2b5e77250fc157d8e3b2c
- SHA256
  
  b2dc53182a52e5c69dadc178d78293ba0279bab390060706aea82e06d6d0ee38
- SHA512
  
  8109122d52b62fb9801a127aa1c7939eef5544c491696d6f251e0d622eda39a0b30d8a0faf3b7c655fd080e83e52b0525329fff8e440fc29b54fa7d4b4acc7ba
- SSDEEP
  
  49152:zvCI22SsaNYfdPBldt698dBcjH5bQau5p+5k/eLoGdqYPTHHB72eh2NT:zvP22SsaNYfdPBldt6+dBcjHCa/t
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan