quasar | 8cbf4bc37d1cdcd9448ee1b1e0ccd78e1c086c4f3204fb416eb5ef54cd560dd1 | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241110-whjpks1hll
MD5

64883e389e15c6d937ec877f70be133b
SHA1

9db3db888d02b722eb884d4420ac8c87333d4c35
SHA256

8cbf4bc37d1cdcd9448ee1b1e0ccd78e1c086c4f3204fb416eb5ef54cd560dd1
SHA512

e9b88f75c978110d8867451f717d1d8cc7778f35895e445f712440913ddbc63cfa795eff36b82ca9b399d02d1577495b2f863cc6d12337482278d5e616418858
SSDEEP

49152:/vrhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkabuNkSgLoGVrFcTHHB72eh2NT:/vjt2d5aKCuVPzlEmVQ0wvwfbuNkS+

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

gorodpro-37914.portmap.host:37914

Mutex

1c5ec883-e96d-4a3a-9035-7a940d47aeb7

Attributes

encryption_key
99E87F88E9E967A51725453CB8223ADDB8256DE2
install_name
WindowsDefender.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
WindowsDefender

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  64883e389e15c6d937ec877f70be133b
- SHA1
  
  9db3db888d02b722eb884d4420ac8c87333d4c35
- SHA256
  
  8cbf4bc37d1cdcd9448ee1b1e0ccd78e1c086c4f3204fb416eb5ef54cd560dd1
- SHA512
  
  e9b88f75c978110d8867451f717d1d8cc7778f35895e445f712440913ddbc63cfa795eff36b82ca9b399d02d1577495b2f863cc6d12337482278d5e616418858
- SSDEEP
  
  49152:/vrhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkabuNkSgLoGVrFcTHHB72eh2NT:/vjt2d5aKCuVPzlEmVQ0wvwfbuNkS+
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan