General

  • Target

    https://github.com/quasar/Quasar

  • Sample

    241220-16sdvawlap

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    microsoft-office-365

  • C2

    111.111.111.11:4782

  • Mutex

    ecd2909b-2d5c-42d7-b9ca-2dc06383b25b

Attributes

  • encryption_key

    7D55309135DCD3C7F1577862EAC1BBF3B1375D2F

  • install_name

    microsoft-word.exe

  • log_directory

    key

  • reconnect_delay

    3000

  • startup_key

    microsoft-word.exe

  • subdirectory

    microsoft-office-365

Targets

    • Target

      https://github.com/quasar/Quasar

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • A potential corporate email address has been identified in the URL: currency-file@1

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks