quasar | cccbae1f5f6c7792c6a54cc84fff79dbdd24f1e9b54527143316541d7375aee5 | Triage

Sharing

General

Target

b6d96813a4a0aaa4749f4f3643cf50d2_JaffaCakes118
Size

641KB
Sample

241202-fbx1mavrcl
MD5

b6d96813a4a0aaa4749f4f3643cf50d2
SHA1

1a92c6fd729b7a5d864a9fcc99c07b8edabf06a3
SHA256

cccbae1f5f6c7792c6a54cc84fff79dbdd24f1e9b54527143316541d7375aee5
SHA512

a2aeac591fb63b20abaadde09d4862ebd502368f865ead001c1288be7dd7df5f35ac31747c840f0e4c465ce4dc9e178d99a046bd31d636e6978e2d3cd4cfc06b
SSDEEP

12288:k2XhbUIb4tvvg/2SsajramsSZW9RdWUT5ug8+Xu5+GZH2U:hpU/t82SsaLsWdUT55+5rZH2U

Score

10^/10

quasar office04w discovery persistence spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04w

C2

societyf500.ddns.net:5490

Mutex

f4264bdc-b486-4a30-a042-2bcfb907b3c7

Attributes

encryption_key
0204DFA093E27B72F1617CCEA6076BCCE5D0A482
install_name
dwmq.exe
log_directory
Logs
reconnect_delay
3000
startup_key
dwmq
subdirectory
explorer

Targets

- Target
  
  b6d96813a4a0aaa4749f4f3643cf50d2_JaffaCakes118
- Size
  
  641KB
- MD5
  
  b6d96813a4a0aaa4749f4f3643cf50d2
- SHA1
  
  1a92c6fd729b7a5d864a9fcc99c07b8edabf06a3
- SHA256
  
  cccbae1f5f6c7792c6a54cc84fff79dbdd24f1e9b54527143316541d7375aee5
- SHA512
  
  a2aeac591fb63b20abaadde09d4862ebd502368f865ead001c1288be7dd7df5f35ac31747c840f0e4c465ce4dc9e178d99a046bd31d636e6978e2d3cd4cfc06b
- SSDEEP
  
  12288:k2XhbUIb4tvvg/2SsajramsSZW9RdWUT5ug8+Xu5+GZH2U:hpU/t82SsaLsWdUT55+5rZH2U
Score

10^/10

quasar office04w discovery persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04wdiscoverypersistencespywaretrojan

behavioral2

quasaroffice04wdiscoverypersistencespywaretrojan