quasar | 8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78 | Triage

Sharing

General

Target

poo virus grr.rar
Size

1.0MB
Sample

241215-dj1elstpdl
MD5

188f727e3be9e5d89c86d843441386f8
SHA1

d84ecac02426ab30a66de06c7ec72e52a0eaad6d
SHA256

8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78
SHA512

332358be50280c6005b95fc5fc288ab767abb0162c6f0ddd19fab8e4c5dd22f46ea2f724cac63baaf53086b7d095d04527d55a10796275fc9ecedd0f117c1718
SSDEEP

24576:2zGoqxxbY9XIPD7Ltr4ol2iu0kiOiIBIvWCcxdxq:2wxxiXIHLyolt/7DIGvsxd0

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

181.99.66.83:4782

Mutex

7b23506c-ff83-4362-93b4-b99c14429834

Attributes

encryption_key
7A8E2417AD5EAA788488BDF81FE6CACB01258933
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  poo virus grr.rar
- Size
  
  1.0MB
- MD5
  
  188f727e3be9e5d89c86d843441386f8
- SHA1
  
  d84ecac02426ab30a66de06c7ec72e52a0eaad6d
- SHA256
  
  8b507e7ba319bcbf1a13540ec20ad4f31d667a6a1cc99e091fc2f74066123c78
- SHA512
  
  332358be50280c6005b95fc5fc288ab767abb0162c6f0ddd19fab8e4c5dd22f46ea2f724cac63baaf53086b7d095d04527d55a10796275fc9ecedd0f117c1718
- SSDEEP
  
  24576:2zGoqxxbY9XIPD7Ltr4ol2iu0kiOiIBIvWCcxdxq:2wxxiXIHLyolt/7DIGvsxd0
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1
- Target
  
  poo virus grr/activate virus [logs ur device].exe
- Size
  
  3.1MB
- MD5
  
  7f604852d7713ce48e754d05cfdb9c2e
- SHA1
  
  8caa2ea8644f0014d8949edf576b008de2fcde75
- SHA256
  
  db706cddf84bb9d83cda2cc00e6832e26daa6592eef27fc37d39eccdc683e5d4
- SHA512
  
  a36e50b1426e990c1130a309bf453657561b646b3160c1e3a3f4d46b02bf24706982f635be627521a909a61b8fa57f0fbcc108cb1c340a37f86725bc38454ef7
- SSDEEP
  
  49152:DvyI22SsaNYfdPBldt698dBcjHDXUue8LzCoGhtTHHB72eh2NT:Dvf22SsaNYfdPBldt6+dBcjHDXUu0
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

behavioral2

quasaroffice04spywaretrojan