quasar | 3e2e9b64c2701ed6fdd503b5cd52dcda17909a3f9f5f0f6c6b42ef8c9ae23c95 | Triage

Submit
Reports

Overview

overview

Static

static

1

registry.html

windows7-x64

8

registry.html

windows10-2004-x64

Resubmissions

05-12-2024 20:18

241205-y3mm3szpcx 3

05-12-2024 12:32

241205-pqsh5avkc1 3

05-12-2024 12:24

241205-pk96zstrft 10

Sharing

General

Target

registry.exe
Size

1KB
Sample

241205-pk96zstrft
MD5

689a1880d6c5c0af7d0e3e567fe3df23
SHA1

0e6f59da774e68d9aa8e18ae06865c473a721900
SHA256

3e2e9b64c2701ed6fdd503b5cd52dcda17909a3f9f5f0f6c6b42ef8c9ae23c95
SHA512

2ea34967d9a2c2478734537731fda96017e97fef4fd8ede1ec025e4fef992ca99fb8c412b15569edd697d451f26c6bce589783e0393dfe9538c158a7f1207160

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

registry.html

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

registry.html

Resource

win10v2004-20241007-en

quasar office04 discovery spyware trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

JonahOscendoskY-53420.portmap.host:53420

Mutex

f38ec230-fd60-44ab-91a9-17577e4487f9

Attributes

encryption_key
E127FB40EABF3C6167749BEDDDBC64167ED27B67
install_name
Registry.exe
log_directory
Logs
reconnect_delay
1000
startup_key
Registry
subdirectory
SubDir

Targets

- Target
  
  registry.exe
- Size
  
  1KB
- MD5
  
  689a1880d6c5c0af7d0e3e567fe3df23
- SHA1
  
  0e6f59da774e68d9aa8e18ae06865c473a721900
- SHA256
  
  3e2e9b64c2701ed6fdd503b5cd52dcda17909a3f9f5f0f6c6b42ef8c9ae23c95
- SHA512
  
  2ea34967d9a2c2478734537731fda96017e97fef4fd8ede1ec025e4fef992ca99fb8c412b15569edd697d451f26c6bce589783e0393dfe9538c158a7f1207160
Score

10^/10

discovery quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04discoveryspywaretrojan

© 2018-2025

Terms | Privacy