quasar | f3b37b062dac443be97891f5ca9992c41ed61d5517a85f9920a677b3660566fb | Triage

Sharing

General

Target

jrockekcurje.exe
Size

288KB
Sample

241213-l3yn5awrak
MD5

8a306aec318555fc080f94d5b7a9a2d0
SHA1

94f093f15e0b115bbc9dee803c68c104dcb54524
SHA256

f3b37b062dac443be97891f5ca9992c41ed61d5517a85f9920a677b3660566fb
SHA512

0fe708d879397787eb5c80f0b96d0e18b3264f81950e987d47669a73e49bc5fdf3c8260d6ad1d7f646b6c71d279c63d9b2e9f1fa5e17bc23d8177ef94cbe46d9
SSDEEP

6144:A7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk7n:+lJtTF9zVGkllbkr

Score

10^/10

quasar office discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

45.136.51.217:5173

Mutex

QYKKiqqJ0K2HqPP0Mo

Attributes

encryption_key
rFGYI3uEIwvomle2u8mk
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Targets

- Target
  
  jrockekcurje.exe
- Size
  
  288KB
- MD5
  
  8a306aec318555fc080f94d5b7a9a2d0
- SHA1
  
  94f093f15e0b115bbc9dee803c68c104dcb54524
- SHA256
  
  f3b37b062dac443be97891f5ca9992c41ed61d5517a85f9920a677b3660566fb
- SHA512
  
  0fe708d879397787eb5c80f0b96d0e18b3264f81950e987d47669a73e49bc5fdf3c8260d6ad1d7f646b6c71d279c63d9b2e9f1fa5e17bc23d8177ef94cbe46d9
- SSDEEP
  
  6144:A7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk7n:+lJtTF9zVGkllbkr
Score

10^/10

quasar office discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarofficediscoveryspywaretrojan

behavioral2

quasarofficediscoveryspywaretrojan