quasar | 8a1776d4fc033ffa3b2a680df253b1a2f58db77b82adfd7debf3a60e3a979b2f | Triage

Sharing

General

Target

26e2495c2fa61cf0dadf028726236ad4.bin
Size

122KB
Sample

241202-bg639swpfk
MD5

0c1e2451638a05fd0f97c0c0c2166587
SHA1

3de03aecb690dbfdd1b5ca3b3587cd77a975666e
SHA256

8a1776d4fc033ffa3b2a680df253b1a2f58db77b82adfd7debf3a60e3a979b2f
SHA512

a32ef47677831ab42d7bdb29ce707ec52c41fa5b16a60e267678df13f51e41eeda53b168e54878c26762c3e7231e2b1165721592a901c69579ff7118ddf8efba
SSDEEP

3072:R8CpJYN+6326wSYI6ShDBSXFjhLMvPWnVLDttj0e4ui:RtCN+z6UI6ShFwxhM3WNj0pt

Score

10^/10

quasar office discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

45.136.51.217:2222

Mutex

d1mBeqcqGummV1rEKw

Attributes

encryption_key
h9j7M9986eVjQwMbjacZ
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Targets

- Target
  
  b19963afaca6cfb8252041c70bdeda48b029ac9be3411a61342490c48a472583.exe
- Size
  
  288KB
- MD5
  
  26e2495c2fa61cf0dadf028726236ad4
- SHA1
  
  de0da2ea7ce65724faedd3f8239c8559000a293f
- SHA256
  
  b19963afaca6cfb8252041c70bdeda48b029ac9be3411a61342490c48a472583
- SHA512
  
  7e66a4eb948a0f4be858d694a62a215cfe2b3215d6506d816cb8e09895731dd3f80222e030922f73a48b4d86525a4d7b680d40c7023886af3940b9eec07aa0fa
- SSDEEP
  
  6144:h7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkHn:xlJtTF9zVGkllbkH
Score

10^/10

quasar office discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarofficediscoveryspywaretrojan

behavioral2

quasarofficediscoveryspywaretrojan