Overview

overview

10

Static

static

10

Client-built.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    79s
  • max time network
    83s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-12-2024 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    c94e39405f4ff6b5e5bcd0f221f7602d

  • SHA1

    1ed42e129448fe9c0e078c292b9638747c82c5d7

  • SHA256

    20e4551dddd4f64d90e97da62dc0befde72128d2b3995e251fb12c734b5c686b

  • SHA512

    19f420aca31adf075dfb32897c6efdbd6aa5d1129ee110bd19411e662bb3c0eff40f44dc639a40d3a2a67eb4a3cfd7ee024589caf9604ad439b08d46745cec94

  • SSDEEP

    49152:WvVuf2NUaNmwzPWlvdaKM7ZxTwEjRJ6EbR3LoGdFBCTHHB72eh2NT:Wvgf2NUaNmwzPWlvdaB7ZxTwEjRJ6O

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

138.0.54.91:4782

192.168.3.5:4782

208.67.222.222:4782
Mutex

63563c99-67f3-4d20-8c7f-230c3d970b36

Attributes
  • encryption_key

    E22572FBAE45F5F894074ED475A27E306499B335

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Microsoft Link

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2184-0-0x00007FFEC6143000-0x00007FFEC6145000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2184-1-0x0000000000EB0000-0x00000000011D4000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2184-2-0x00007FFEC6140000-0x00007FFEC6C01000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2184-3-0x000000001E130000-0x000000001E180000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2184-4-0x000000001E240000-0x000000001E2F2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2184-5-0x00007FFEC6143000-0x00007FFEC6145000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2184-6-0x00007FFEC6140000-0x00007FFEC6C01000-memory.dmp

    Filesize

    10.8MB

    Download