quasar | 146ef38c311af5e1375df0f2ad2f34f691b1104c35e20a610a68eb8147db7e0b | Triage

Sharing

General

Target

syntaxloader.bat
Size

25KB
Sample

241108-1h5n9szgle
MD5

ea50d652e81767c52b0f8428ff1e25da
SHA1

430b12c8f82e58ec10a00426f506b9a0bd71489a
SHA256

146ef38c311af5e1375df0f2ad2f34f691b1104c35e20a610a68eb8147db7e0b
SHA512

60072e939c4b0b3296f699cfb9585444231fad591323c61d4fb9c41828ab41e4afb171cf036623a697ed73e9a0db68954c2f92bac032180b68ca8842390e909f
SSDEEP

384:7f07tvjFJnoSCZV5mbksKIyaxoxJy1KTb:j07tHoSCZqbhKIyPmKf

Score

10^/10

quasar office04 execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

45.95.214.119:1604

Mutex

3e9a7b17-c168-4406-a87b-cdcabb53c1e4

Attributes

encryption_key
B45F6102F44CEBC69B790BA64CFCD6C9F8E03CE3
install_name
battleeye.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
beservice

Targets

- Target
  
  syntaxloader.bat
- Size
  
  25KB
- MD5
  
  ea50d652e81767c52b0f8428ff1e25da
- SHA1
  
  430b12c8f82e58ec10a00426f506b9a0bd71489a
- SHA256
  
  146ef38c311af5e1375df0f2ad2f34f691b1104c35e20a610a68eb8147db7e0b
- SHA512
  
  60072e939c4b0b3296f699cfb9585444231fad591323c61d4fb9c41828ab41e4afb171cf036623a697ed73e9a0db68954c2f92bac032180b68ca8842390e909f
- SSDEEP
  
  384:7f07tvjFJnoSCZV5mbksKIyaxoxJy1KTb:j07tHoSCZqbhKIyPmKf
Score

10^/10

execution quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04executionspywaretrojan