quasar | c8cebb25512027ad70b61a647887fa4013489d2dc4294fce853b8363410c423d | Triage

Sharing

General

Target

install.bat
Size

595B
Sample

241211-jc6wpsxqbn
MD5

369f9a8a381c74880783423b98ed52c9
SHA1

3bd04c343b1c361d4e9383010cb0be2380c3dbdb
SHA256

c8cebb25512027ad70b61a647887fa4013489d2dc4294fce853b8363410c423d
SHA512

a139d4d0a7d3f0f6a28690df219cb14adf6a4f0a7ff365bb1e8142ddf8be136ea919e44e4f3108d8fcf344031bff127c701d91b2949501e83d26fdbd6b746c7b

Score

10^/10

quasar office04 execution spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

Dystopian-62863.portmap.host:62863

Mutex

e1de8f9b-5a7a-4798-a6fb-c03591ef3442

Attributes

encryption_key
8C1BB32BFD240218BA0CB04D65341FB1FDE1E001
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SubStart
subdirectory
SubDir

Targets

- Target
  
  install.bat
- Size
  
  595B
- MD5
  
  369f9a8a381c74880783423b98ed52c9
- SHA1
  
  3bd04c343b1c361d4e9383010cb0be2380c3dbdb
- SHA256
  
  c8cebb25512027ad70b61a647887fa4013489d2dc4294fce853b8363410c423d
- SHA512
  
  a139d4d0a7d3f0f6a28690df219cb14adf6a4f0a7ff365bb1e8142ddf8be136ea919e44e4f3108d8fcf344031bff127c701d91b2949501e83d26fdbd6b746c7b
Score

10^/10

execution quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04executionspywaretrojan