Overview

overview

10

Static

static

10

built.exe

windows7-x64

10

built.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    built.exe

  • Size

    3.1MB

  • Sample

    241217-g9g8hatpej

  • MD5

    a813f565b05ee9df7e5db8dbbcc0fa43

  • SHA1

    f508e738705163233b29ba54f4cb5ec4583d8df1

  • SHA256

    ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156

  • SHA512

    adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e

  • SSDEEP

    98304:aydj2yMy5en93hlLLzJjVrv3zs9Yv+Wcvy:pLYvzs9Yv+Wcv

Score
10/10
quasaroffice04discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

microsoftsys.ddns.net:4782

Mutex

67e0653d-eedf-4888-88ab-78e97eb2df27

Attributes
  • encryption_key

    23E5F6D22FEE1750D36544A759A48349B064BC34

  • install_name

    PerfWatson1.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    svhost

  • subdirectory

    KDOT

Targets

    • Target

      built.exe

    • Size

      3.1MB

    • MD5

      a813f565b05ee9df7e5db8dbbcc0fa43

    • SHA1

      f508e738705163233b29ba54f4cb5ec4583d8df1

    • SHA256

      ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156

    • SHA512

      adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e

    • SSDEEP

      98304:aydj2yMy5en93hlLLzJjVrv3zs9Yv+Wcvy:pLYvzs9Yv+Wcv

    Score
    10/10
    quasaroffice04discoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks