quasar | 5fb2ada2fd81c7b0ed6e517e92900c6336323bc9f1b7fb19989e9a4e44ef0213 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241228-v55d5azrbp
MD5

73a3341a9194801bc9024e6b8f963258
SHA1

7c10750556e5eba8e9872432561f76d010d519f3
SHA256

5fb2ada2fd81c7b0ed6e517e92900c6336323bc9f1b7fb19989e9a4e44ef0213
SHA512

629756335bcb53b1fde013c4c090f580b622bafe6d340bba0b9d1d53c3acc0719dbae025fb389ccad1bc298835a76077607f34a3ededa6e701d3dacabac375f7
SSDEEP

49152:Cv5G42pda6D+/PjlLOlg6yQipVil6bn1JqLoGdbTHHB72eh2NT:Cvo42pda6D+/PjlLOlZyQipVLbM

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20241023-en

quasar office04 spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

auto-london.gl.at.ply.gg:51655

facilities-desktop.gl.at.ply.gg:5987

Mutex

1ae47733-5e8b-44b5-b988-3cb4dd5ded05

Attributes

encryption_key
3C8DD6CA308BD63A3F09A62959EA7F529CD3E4F7
install_name
bob123.exe
log_directory
Logs
reconnect_delay
0
startup_key
SytemUpd
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  73a3341a9194801bc9024e6b8f963258
- SHA1
  
  7c10750556e5eba8e9872432561f76d010d519f3
- SHA256
  
  5fb2ada2fd81c7b0ed6e517e92900c6336323bc9f1b7fb19989e9a4e44ef0213
- SHA512
  
  629756335bcb53b1fde013c4c090f580b622bafe6d340bba0b9d1d53c3acc0719dbae025fb389ccad1bc298835a76077607f34a3ededa6e701d3dacabac375f7
- SSDEEP
  
  49152:Cv5G42pda6D+/PjlLOlg6yQipVil6bn1JqLoGdbTHHB72eh2NT:Cvo42pda6D+/PjlLOlZyQipVLbM
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2024

Terms | Privacy