quasar | 2ed2177995cad18218b61c46c64ba0575dc54e87c7385ea9bb70d9ca44f18a73 | Triage

Submit
Reports

Overview

overview

Static

static

no virus.exe

windows7-x64

no virus.exe

windows10-2004-x64

Sharing

General

Target

no virus.exe
Size

3.1MB
Sample

241111-s6681atqhq
MD5

9facfa150b35a5985f9507eb0b68f29f
SHA1

366084ec72c2dca7434de64aecece402f3d49e06
SHA256

2ed2177995cad18218b61c46c64ba0575dc54e87c7385ea9bb70d9ca44f18a73
SHA512

e52bdcda29737634a853ccf08d41d927d82ae51299aa235b62ab868bf93c4f6b5f2cdd1400f68d3bf3a5d1d7131732569ddedb33f5d5ed0e7bf67833c01a53a9
SSDEEP

49152:XvQlL26AaNeWgPhlmVqvMQ7XSKD+RJ6ebR3LoGd41THHB72eh2NT:Xv4L26AaNeWgPhlmVqkQ7XSKD+RJ6Y

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

no virus.exe

Resource

win7-20240903-en

quasar office04 spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

no virus.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

255.255.255.0:4782

192.168.56.1:4782

Mutex

5d8ed293-df10-4841-a52b-8692fbf47f38

Attributes

encryption_key
11B8D109A02D98C9240E47185440CD1BFD88612D
install_name
monkey.exe
log_directory
Logs
reconnect_delay
2882
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  no virus.exe
- Size
  
  3.1MB
- MD5
  
  9facfa150b35a5985f9507eb0b68f29f
- SHA1
  
  366084ec72c2dca7434de64aecece402f3d49e06
- SHA256
  
  2ed2177995cad18218b61c46c64ba0575dc54e87c7385ea9bb70d9ca44f18a73
- SHA512
  
  e52bdcda29737634a853ccf08d41d927d82ae51299aa235b62ab868bf93c4f6b5f2cdd1400f68d3bf3a5d1d7131732569ddedb33f5d5ed0e7bf67833c01a53a9
- SSDEEP
  
  49152:XvQlL26AaNeWgPhlmVqvMQ7XSKD+RJ6ebR3LoGd41THHB72eh2NT:Xv4L26AaNeWgPhlmVqkQ7XSKD+RJ6Y
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy