quasar | 113c957ba369a4bea2068a9d5596f644e365cb81c19a28cce8ca1382ccc08e2d | Triage

Sharing

General

Target

113c957ba369a4bea2068a9d5596f644e365cb81c19a28cce8ca1382ccc08e2d.cmd
Size

1.6MB
Sample

241111-cjq1hazjbw
MD5

846debdd4c489b9cdf58cf035011385b
SHA1

edd9486a627bc3f35772e2e79eb7a3aa021569cd
SHA256

113c957ba369a4bea2068a9d5596f644e365cb81c19a28cce8ca1382ccc08e2d
SHA512

c46b02e2a54314bca1695e03196a7041aebe5bede3e857f62e0e634cc2c4ea9ed95d569a73c2b6c935afab5a961a0253ce40988e3c65d9ff33bbaa34a2376f51
SSDEEP

24576:RHSLwbi29FzHWBFGa+EWO41DglXFH9zW9jpWwhVBn2eWKT:/vDOGiWI2DtJ

Score

10^/10

quasar office04 execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

walkout.ddnsgeek.com:8080

Mutex

27391f85-a482-471a-b2cd-1f8ab5bde32e

Attributes

encryption_key
6469F8C5BA9A2CFDCF4A3F1651D1E92DBEA41117
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  113c957ba369a4bea2068a9d5596f644e365cb81c19a28cce8ca1382ccc08e2d.cmd
- Size
  
  1.6MB
- MD5
  
  846debdd4c489b9cdf58cf035011385b
- SHA1
  
  edd9486a627bc3f35772e2e79eb7a3aa021569cd
- SHA256
  
  113c957ba369a4bea2068a9d5596f644e365cb81c19a28cce8ca1382ccc08e2d
- SHA512
  
  c46b02e2a54314bca1695e03196a7041aebe5bede3e857f62e0e634cc2c4ea9ed95d569a73c2b6c935afab5a961a0253ce40988e3c65d9ff33bbaa34a2376f51
- SSDEEP
  
  24576:RHSLwbi29FzHWBFGa+EWO41DglXFH9zW9jpWwhVBn2eWKT:/vDOGiWI2DtJ
Score

10^/10

execution quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04executionspywaretrojan