quasar | 5d6a1784c8174765c6cbcae4384a72433e0d4c853bcc83baa2a56f5e6826ecc1 | Triage

Sharing

General

Target

5d6a1784c8174765c6cbcae4384a72433e0d4c853bcc83baa2a56f5e6826ecc1.bat
Size

1.6MB
Sample

241111-cwl73szlfx
MD5

28b65da7604be7bf55d110b2d521e819
SHA1

81c6e84481c6e930b56744c952fd6ad51d1d0510
SHA256

5d6a1784c8174765c6cbcae4384a72433e0d4c853bcc83baa2a56f5e6826ecc1
SHA512

b7cf5171c7c03952408185784617b18560113aa12495cae6feb6a1624253ab26f590f549adcb86f01b03216991eb329281362bacc0735207f17d374b6ebfc986
SSDEEP

24576:R7gWtTN1E+XtPIVRbYswK391U9NxwoQvn7hHBhVFbU3fY2m+7BdMtgYGURazVXm6:R8GoJVlXhwmQYRataE

Score

10^/10

quasar office04 execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

walkout.ddnsgeek.com:8080

Mutex

27391f85-a482-471a-b2cd-1f8ab5bde32e

Attributes

encryption_key
6469F8C5BA9A2CFDCF4A3F1651D1E92DBEA41117
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  5d6a1784c8174765c6cbcae4384a72433e0d4c853bcc83baa2a56f5e6826ecc1.bat
- Size
  
  1.6MB
- MD5
  
  28b65da7604be7bf55d110b2d521e819
- SHA1
  
  81c6e84481c6e930b56744c952fd6ad51d1d0510
- SHA256
  
  5d6a1784c8174765c6cbcae4384a72433e0d4c853bcc83baa2a56f5e6826ecc1
- SHA512
  
  b7cf5171c7c03952408185784617b18560113aa12495cae6feb6a1624253ab26f590f549adcb86f01b03216991eb329281362bacc0735207f17d374b6ebfc986
- SSDEEP
  
  24576:R7gWtTN1E+XtPIVRbYswK391U9NxwoQvn7hHBhVFbU3fY2m+7BdMtgYGURazVXm6:R8GoJVlXhwmQYRataE
Score

10^/10

execution quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04executionspywaretrojan