quasar | 9f3064a561f1c6554ca816569553ccf751a9a22360184a53c9b32db66017dbca | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

AIRVPNNNNN...EE.exe

windows10-ltsc 2021-x64

Sharing

General

Target

AIRVPNNNNNNNNNNNNNNNNNOSIRVEEEEEE.exe
Size

3.1MB
Sample

241113-ge6bvawlex
MD5

434bebcd54481549163ce6c29eefb0ed
SHA1

f0a643b353cd1d5c16ededbec902ab4e8462a5cc
SHA256

9f3064a561f1c6554ca816569553ccf751a9a22360184a53c9b32db66017dbca
SHA512

3dcc0ae35b3d210e04042a70b933c00ad9fcf41eee9938e1239fc93a12f16cb1641ce2ac454e9893239d1f45c6065c21e3400a544db6c4e873a9cde5e3cde403
SSDEEP

49152:bvyI22SsaNYfdPBldt698dBcjHt5vE1JV/oGdcTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHt5vS

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

AIRVPNNNNNNNNNNNNNNNNNOSIRVEEEEEE.exe

Resource

win10ltsc2021-20241023-en

quasar office04 spyware trojan

windows10-ltsc 2021-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

204.8.98.75:4782

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  AIRVPNNNNNNNNNNNNNNNNNOSIRVEEEEEE.exe
- Size
  
  3.1MB
- MD5
  
  434bebcd54481549163ce6c29eefb0ed
- SHA1
  
  f0a643b353cd1d5c16ededbec902ab4e8462a5cc
- SHA256
  
  9f3064a561f1c6554ca816569553ccf751a9a22360184a53c9b32db66017dbca
- SHA512
  
  3dcc0ae35b3d210e04042a70b933c00ad9fcf41eee9938e1239fc93a12f16cb1641ce2ac454e9893239d1f45c6065c21e3400a544db6c4e873a9cde5e3cde403
- SSDEEP
  
  49152:bvyI22SsaNYfdPBldt698dBcjHt5vE1JV/oGdcTHHB72eh2NT:bvf22SsaNYfdPBldt6+dBcjHt5vS
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.