quasar | e0f72d48e121eb069eed758c81643f435997e300a961162d0d884bb49219d2c9 | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241109-e31p6axfpl
MD5

5e3064f23dddf22df2101a997691a696
SHA1

232e882b7bc054e481c70c894aca6269c1f9316d
SHA256

e0f72d48e121eb069eed758c81643f435997e300a961162d0d884bb49219d2c9
SHA512

ac3bfdf2d5eee1725fa84a2a91004012a88c090ab18e0d8639d23df17bc938b34d7ae0b19b7243850071031b62bbd8874975e006bf295886a4ee28dc4e01a23f
SSDEEP

49152:nvkG42pda6D+/PjlLOlg6yQipVLH88o5NBFBeTHoGv5ULTHHB72eh2NT:nvP42pda6D+/PjlLOlZyQipVLc87

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

193.161.193.99:1194

v4lc-36448.portmap.host:36448:1194

Mutex

a25b5bbf-cc69-4b0b-a242-9d07a80705d5

Attributes

encryption_key
23DCD2457576BD8C17F35C9C4F50BF16D2C7C161
install_name
FlipHood.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  5e3064f23dddf22df2101a997691a696
- SHA1
  
  232e882b7bc054e481c70c894aca6269c1f9316d
- SHA256
  
  e0f72d48e121eb069eed758c81643f435997e300a961162d0d884bb49219d2c9
- SHA512
  
  ac3bfdf2d5eee1725fa84a2a91004012a88c090ab18e0d8639d23df17bc938b34d7ae0b19b7243850071031b62bbd8874975e006bf295886a4ee28dc4e01a23f
- SSDEEP
  
  49152:nvkG42pda6D+/PjlLOlg6yQipVLH88o5NBFBeTHoGv5ULTHHB72eh2NT:nvP42pda6D+/PjlLOlZyQipVLc87
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan