Extracted

• • Target

    Nose.png

  • Size

    1.2MB

  • MD5

    ed9c825249a85040c2e6df6049ab6ba6

  • SHA1

    af0a2b4738b933b1c6c23ac96c4b7675b2fc43b9

  • SHA256

    6afbecf27622e89b8a0d5e7107a951a996b22b1a4239f3e1d7876ef603e3e93d

  • SHA512

    018cd0ce54ae7160c2a43aae4c0f3cf2c51c9a449c031f6cf2a1da2f10c776a518037b07717a21d19927ab82cb97fcbe74864e192a0f593bb61da15707901592

  • SSDEEP

    24576:6iUwcohkKHD0FKK9ETsfL7oTKl5iA7tDnqBWhKJeQG+CdZtwjueui7bN:CchkKHYFK848L7oTKl5vtDnjKJXG+Cih

  Score

  10^/10

  quasaroffice04googlediscoveryphishingspywaretrojan

  • Detected google phishing page

    phishinggoogle

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1