quasar | af896d89bd5371a4236a7993a11484ddb5890bea7da569f61519dbe963216a88 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241114-t1v48a1fnq
MD5

2364bd709ace33ac4144257da2a03282
SHA1

ba2272a8f9417f422ac77d84e41a55a2ad77f980
SHA256

af896d89bd5371a4236a7993a11484ddb5890bea7da569f61519dbe963216a88
SHA512

41cd1b224a9efb2ac3abc12a55963bbf1a7bef36d27c3ec0177cd71d72684eb725120e772500685f448ad32d940f602d5f91ba1cdab0463c154ad64029f42e23
SSDEEP

49152:yvKt62XlaSFNWPjljiFa2RoUYIFxOEMklk/JxxoGdzTHHB72eh2NT:yvi62XlaSFNWPjljiFXRoUYIFx8L

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240729-en

quasar office04 spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

0.tcp.us-cal-1.ngrok.io:19421

Mutex

77c9d407-6130-4e2f-8d22-c4eda6d22b1f

Attributes

encryption_key
210D68A7233E9455E4EEC5A5388A8DF203518D0F
install_name
Client.exe
log_directory
Logs
reconnect_delay
1500
startup_key
wwwwwww
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  2364bd709ace33ac4144257da2a03282
- SHA1
  
  ba2272a8f9417f422ac77d84e41a55a2ad77f980
- SHA256
  
  af896d89bd5371a4236a7993a11484ddb5890bea7da569f61519dbe963216a88
- SHA512
  
  41cd1b224a9efb2ac3abc12a55963bbf1a7bef36d27c3ec0177cd71d72684eb725120e772500685f448ad32d940f602d5f91ba1cdab0463c154ad64029f42e23
- SSDEEP
  
  49152:yvKt62XlaSFNWPjljiFa2RoUYIFxOEMklk/JxxoGdzTHHB72eh2NT:yvi62XlaSFNWPjljiFXRoUYIFx8L
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy