General

  • Target: 864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad.exe
  • Size: 3.1MB
  • Sample: 241228-c2ep7avkgl
  • MD5: 7f888b6cbd5062a7558eea61eb9a9ca2
  • SHA1: 2acfb5c3e7b8e569ea52397154b9b3ffb44e7d87
  • SHA256: 864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad
  • SHA512: 7da70e844e0fce4b4bbc70db89503b95b6514cabf9ce9cf66fed643f6c11aafc5e7a8f385b5d16f7fa802cc47c9200bf486030834551d14c55078307ef7e93d8
  • SSDEEP: 49152:/v2lL26AaNeWgPhlmVqvMQ7XSKKQSYmzwXoGdVTHHB72eh2NT:/v2L26AaNeWgPhlmVqkQ7XSKKQSq

Malware Config

Extracted

  • Family: quasar
  • Version: 1.4.1
  • Botnet: Office04
  • C2: llordiWasHere-55715.portmap.host:55715
  • Mutex: 124c5996-13c0-46a2-804a-191042a109db

Attributes

  • encryption_key: 5F48258CBD7D9014A9443146E8A3D837D1715CAE
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Targets

    • Target: 864bec690da391f258de447606ac18baa79672b665ba321a4da67ed59d567cad.exe (hashes as listed under General above)

    • Quasar RAT: Quasar is an open-source Remote Access Tool.
    • Quasar family
    • Quasar payload
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofencing check.
    • Executes dropped EXE
