quasar | 20e4551dddd4f64d90e97da62dc0befde72128d2b3995e251fb12c734b5c686b | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

241228-zep9qs1qes
MD5

c94e39405f4ff6b5e5bcd0f221f7602d
SHA1

1ed42e129448fe9c0e078c292b9638747c82c5d7
SHA256

20e4551dddd4f64d90e97da62dc0befde72128d2b3995e251fb12c734b5c686b
SHA512

19f420aca31adf075dfb32897c6efdbd6aa5d1129ee110bd19411e662bb3c0eff40f44dc639a40d3a2a67eb4a3cfd7ee024589caf9604ad439b08d46745cec94
SSDEEP

49152:WvVuf2NUaNmwzPWlvdaKM7ZxTwEjRJ6EbR3LoGdFBCTHHB72eh2NT:Wvgf2NUaNmwzPWlvdaB7ZxTwEjRJ6O

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

138.0.54.91:4782

192.168.3.5:4782

208.67.222.222:4782

Mutex

63563c99-67f3-4d20-8c7f-230c3d970b36

Attributes

encryption_key
E22572FBAE45F5F894074ED475A27E306499B335
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Microsoft Link
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  c94e39405f4ff6b5e5bcd0f221f7602d
- SHA1
  
  1ed42e129448fe9c0e078c292b9638747c82c5d7
- SHA256
  
  20e4551dddd4f64d90e97da62dc0befde72128d2b3995e251fb12c734b5c686b
- SHA512
  
  19f420aca31adf075dfb32897c6efdbd6aa5d1129ee110bd19411e662bb3c0eff40f44dc639a40d3a2a67eb4a3cfd7ee024589caf9604ad439b08d46745cec94
- SSDEEP
  
  49152:WvVuf2NUaNmwzPWlvdaKM7ZxTwEjRJ6EbR3LoGdFBCTHHB72eh2NT:Wvgf2NUaNmwzPWlvdaB7ZxTwEjRJ6O
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan