quasar | 30f2e4ca621ecdb886fba8ce596d07090d1730bfcec91112d9011bfb58270f81 | Triage

Sharing

General

Target

ss.exe
Size

3.1MB
Sample

241110-wgdrya1mgw
MD5

78859f6e8d39f50e6470af9112d61afd
SHA1

e34aef15bfcfcd3066f90e33cecffced76422aaa
SHA256

30f2e4ca621ecdb886fba8ce596d07090d1730bfcec91112d9011bfb58270f81
SHA512

14ea0a38210bb1da5b09069b0e95e8800b24941bc4bc5f3bb957eb675ff53757eb0ae9aae53c31fa007197e9cc65cd4a183dfb36f7c96e3ab85e3daf65b25756
SSDEEP

49152:fvrhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaHdxNESEUk/iCLoGdEPTHHB72eh2NT:fvjt2d5aKCuVPzlEmVQ0wvwf9xDM

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

gorodpro-37914.portmap.host:37914

Mutex

1c5ec883-e96d-4a3a-9035-7a940d47aeb7

Attributes

encryption_key
99E87F88E9E967A51725453CB8223ADDB8256DE2
install_name
WindowsDefender.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
WindowsDefender

Targets

- Target
  
  ss.exe
- Size
  
  3.1MB
- MD5
  
  78859f6e8d39f50e6470af9112d61afd
- SHA1
  
  e34aef15bfcfcd3066f90e33cecffced76422aaa
- SHA256
  
  30f2e4ca621ecdb886fba8ce596d07090d1730bfcec91112d9011bfb58270f81
- SHA512
  
  14ea0a38210bb1da5b09069b0e95e8800b24941bc4bc5f3bb957eb675ff53757eb0ae9aae53c31fa007197e9cc65cd4a183dfb36f7c96e3ab85e3daf65b25756
- SSDEEP
  
  49152:fvrhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkaHdxNESEUk/iCLoGdEPTHHB72eh2NT:fvjt2d5aKCuVPzlEmVQ0wvwf9xDM
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan