General

  • Target

    https://download1326.mediafire.com/zh4hbc1b82tgRgff_5hzg2Z_0HVedf3-JIQrwAo72a08MYE3OMaNoc5OtY0WNK803szdWKQzRSnJsnrBh-p02oIlIZx_UiShLave_vjLbWxHP_uryGxuRjWykCghIa_cgZG2rekX7fW7o7OAtyI1kncmTbWD0kKw-cqj54dWOODp/f6yljbkhlomf6mq/pygamerat.rar

  • Sample

    241213-qzg97aznfx

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    192.168.56.1:4782

  • Mutex

    a2375055-d323-4f14-953b-13f74ff9f85a

Attributes
  • encryption_key

    36B9F39EDDE38B2DC6E38AA9208FBAD7687FDB50

  • install_name

    Pygame.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      https://download1326.mediafire.com/zh4hbc1b82tgRgff_5hzg2Z_0HVedf3-JIQrwAo72a08MYE3OMaNoc5OtY0WNK803szdWKQzRSnJsnrBh-p02oIlIZx_UiShLave_vjLbWxHP_uryGxuRjWykCghIa_cgZG2rekX7fW7o7OAtyI1kncmTbWD0kKw-cqj54dWOODp/f6yljbkhlomf6mq/pygamerat.rar

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar family

    • Quasar payload

    • A potential corporate email address has been identified in the URL: [email protected]

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks