quasar | 3c3b47e05f6960d1fdf233949ba2881dd32341ea84240ce3e9b59f0d29ec9fa7 | Triage

Sharing

General

Target

3c3b47e05f6960d1fdf233949ba2881dd32341ea84240ce3e9b59f0d29ec9fa7
Size

348KB
Sample

241130-pcltestlbs
MD5

f07bada4320fae092a7353f47b4e3183
SHA1

046b3e26e91f8c261b2c4de34831a4bbeaf7fab7
SHA256

3c3b47e05f6960d1fdf233949ba2881dd32341ea84240ce3e9b59f0d29ec9fa7
SHA512

78ba95fbdea7c40bef0040fad1ff002ecd2f4ff4c234259c3b54f4f355ac4d391ecb406a6042b445950ecf2f2caab56a92bbe4678fb1bcc63ad83b7483d6dc32
SSDEEP

6144:VjNHXf500MPTrfOfVPfVdANHibPkBZDlr0ALSGxG:Zd50tr1NPrr0ALSGxG

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

192.168.0.100:4782

Mutex

QSR_MUTEX_hesMVzHRGDZjvsZhI7

Attributes

encryption_key
F2l1q8bKCz0sFJakXt5c
install_name
vapev4.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows defender application
subdirectory
niger

Targets

- Target
  
  3c3b47e05f6960d1fdf233949ba2881dd32341ea84240ce3e9b59f0d29ec9fa7
- Size
  
  348KB
- MD5
  
  f07bada4320fae092a7353f47b4e3183
- SHA1
  
  046b3e26e91f8c261b2c4de34831a4bbeaf7fab7
- SHA256
  
  3c3b47e05f6960d1fdf233949ba2881dd32341ea84240ce3e9b59f0d29ec9fa7
- SHA512
  
  78ba95fbdea7c40bef0040fad1ff002ecd2f4ff4c234259c3b54f4f355ac4d391ecb406a6042b445950ecf2f2caab56a92bbe4678fb1bcc63ad83b7483d6dc32
- SSDEEP
  
  6144:VjNHXf500MPTrfOfVPfVdANHibPkBZDlr0ALSGxG:Zd50tr1NPrr0ALSGxG
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

behavioral2

quasaroffice04discoveryspywaretrojan