quasar | 1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1a5f35980c...e0.exe

windows7-x64

1a5f35980c...e0.exe

windows10-2004-x64

Sharing

General

Target

1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0.exe
Size

3.1MB
Sample

241210-hlq16ssmcq
MD5

fe9288f31b98a1d42d805ceba700fb39
SHA1

208a5912e6086a4a3266b9f11346ae77ad8a35ff
SHA256

1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0
SHA512

b9adfd4e75be72198ff06447cd67d8f852625c3ef61eff9247dfd1e4941fae58866debdc4b8aa8921f5c448eec18e3106436896f79b70b47af6e2bdf64ccb2a9
SSDEEP

49152:Vvht62XlaSFNWPjljiFa2RoUYIdqWhybRjPLoGddJfTHHB72eh2NTd:VvL62XlaSFNWPjljiFXRoUYIdqWhWT6

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0.exe

Resource

win7-20240903-en

quasar office04 spyware trojan

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.17:5555

Mutex

3b1732e2-6a81-44bb-8d99-4472451b1cf3

Attributes

encryption_key
871AD53C1EE1C8F197D53D3E1DCA45CC62B82B8D
install_name
javaconfig.exe
log_directory
Logs
reconnect_delay
3000
startup_key
JavaUpdater
subdirectory
SubDir

Targets

- Target
  
  1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0.exe
- Size
  
  3.1MB
- MD5
  
  fe9288f31b98a1d42d805ceba700fb39
- SHA1
  
  208a5912e6086a4a3266b9f11346ae77ad8a35ff
- SHA256
  
  1a5f35980c44bc927abe47bef7435177f44f0d8a4c7632a6de4024e2716e85e0
- SHA512
  
  b9adfd4e75be72198ff06447cd67d8f852625c3ef61eff9247dfd1e4941fae58866debdc4b8aa8921f5c448eec18e3106436896f79b70b47af6e2bdf64ccb2a9
- SSDEEP
  
  49152:Vvht62XlaSFNWPjljiFa2RoUYIdqWhybRjPLoGddJfTHHB72eh2NTd:VvL62XlaSFNWPjljiFXRoUYIdqWhWT6
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.