quasar | a9fc07683b0c89a1a3cfba37fd4548e6b28ebf334dca8cf79d4edada41ece724 | Triage

Submit
Reports

Overview

overview

Static

static

1

Top4smm Di...do.zip

windows10-ltsc 2021-x64

Sharing

General

Target

Top4smm Dinero Ilimitado.zip
Size

1.1MB
Sample

241202-esrphavjak
MD5

bfa47aae21e145867fa2536f3adb0fbb
SHA1

b7b6eaccdf32b323421b75ad8e4e420a4527b151
SHA256

a9fc07683b0c89a1a3cfba37fd4548e6b28ebf334dca8cf79d4edada41ece724
SHA512

8ca4870f1949aaf6476b3ed18bfa5764110184242d0ae2d631b28b618cb167ec4de3267776be67a6bfd1de66e5f777fc75d25a8de2c75ef16578637f514906ae
SSDEEP

24576:+NEcxEieY4MkUNZfAzaSbhDmRsYyAo1GMvTSplXql0pDAkddsid2g4:6Ecx5UUnfW9qRU4E2lXSH0sidD4

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Top4smm Dinero Ilimitado.zip

Resource

win10ltsc2021-20241023-en

quasar office04 discovery spyware trojan

windows10-ltsc 2021-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Targets

- Target
  
  Top4smm Dinero Ilimitado.zip
- Size
  
  1.1MB
- MD5
  
  bfa47aae21e145867fa2536f3adb0fbb
- SHA1
  
  b7b6eaccdf32b323421b75ad8e4e420a4527b151
- SHA256
  
  a9fc07683b0c89a1a3cfba37fd4548e6b28ebf334dca8cf79d4edada41ece724
- SHA512
  
  8ca4870f1949aaf6476b3ed18bfa5764110184242d0ae2d631b28b618cb167ec4de3267776be67a6bfd1de66e5f777fc75d25a8de2c75ef16578637f514906ae
- SSDEEP
  
  24576:+NEcxEieY4MkUNZfAzaSbhDmRsYyAo1GMvTSplXql0pDAkddsid2g4:6Ecx5UUnfW9qRU4E2lXSH0sidD4
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

© 2018-2024

Terms | Privacy