quasar | 0ed68bd071d4ada79ef6ae867bef72436e980e4b8295ef5c005058756cbaf1c7 | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241211-hpegjswphq
MD5

e0699b38d78bd176894b991247cf6403
SHA1

bcd66b55530c7ed68983c7a01f6ec867ba5b5649
SHA256

0ed68bd071d4ada79ef6ae867bef72436e980e4b8295ef5c005058756cbaf1c7
SHA512

d132f2dc2f275cb02050e765f86db40951824a86edcbbcb937a6c444a5f151453a0aff859676b974e1b90baea1bc59054ed27fef6e523eb6e0c99120c67781c1
SSDEEP

49152:LvbI22SsaNYfdPBldt698dBcjHv/43OarfLoGdTTHHB72eh2NT:Lvk22SsaNYfdPBldt6+dBcjH437

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.58:4782

Mutex

1d5a53de-53d3-4349-abab-ee1b0579f85f

Attributes

encryption_key
56B4C4DAE2FF0461296EBCFD733DDB88E29C8E38
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  e0699b38d78bd176894b991247cf6403
- SHA1
  
  bcd66b55530c7ed68983c7a01f6ec867ba5b5649
- SHA256
  
  0ed68bd071d4ada79ef6ae867bef72436e980e4b8295ef5c005058756cbaf1c7
- SHA512
  
  d132f2dc2f275cb02050e765f86db40951824a86edcbbcb937a6c444a5f151453a0aff859676b974e1b90baea1bc59054ed27fef6e523eb6e0c99120c67781c1
- SSDEEP
  
  49152:LvbI22SsaNYfdPBldt698dBcjHv/43OarfLoGdTTHHB72eh2NT:Lvk22SsaNYfdPBldt6+dBcjH437
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan