quasar | b64b141eb3b3fa67f6605eb99b0e6f78eb5df7d483a2a0889821ccfac71a7a96 | Triage

Sharing

General

Target

jerniuiopu.exe
Size

288KB
Sample

241216-hmgtwsyqa1
MD5

d0d7ce7681200387de77c7ab2e2841cd
SHA1

8b6c4315e260954b6c33f450ad3baa9f79fe72e2
SHA256

b64b141eb3b3fa67f6605eb99b0e6f78eb5df7d483a2a0889821ccfac71a7a96
SHA512

bc3cfac3450cbc17ce8c9758f10c7e4034764f40a6797edd4a8eb6e95d6db9c5f46a46487a6e483ef0eed23243e9f92c0ea391a0416ebbc6854e2b9914ad9788
SSDEEP

6144:w7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk9n:OlJtTF9zVGkllbkh

Score

10^/10

quasar office discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

82.117.243.110:5173

Mutex

yfsS9ida0wX8mgpdJC

Attributes

encryption_key
KDNBgA8jiBeGX1rj1dDt
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Targets

- Target
  
  jerniuiopu.exe
- Size
  
  288KB
- MD5
  
  d0d7ce7681200387de77c7ab2e2841cd
- SHA1
  
  8b6c4315e260954b6c33f450ad3baa9f79fe72e2
- SHA256
  
  b64b141eb3b3fa67f6605eb99b0e6f78eb5df7d483a2a0889821ccfac71a7a96
- SHA512
  
  bc3cfac3450cbc17ce8c9758f10c7e4034764f40a6797edd4a8eb6e95d6db9c5f46a46487a6e483ef0eed23243e9f92c0ea391a0416ebbc6854e2b9914ad9788
- SSDEEP
  
  6144:w7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbk9n:OlJtTF9zVGkllbkh
Score

10^/10

quasar office discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarofficediscoveryspywaretrojan

behavioral2

quasarofficediscoveryspywaretrojan