quasar | ce179bf67e184c300fbc5b796ef511c14470a9d3c970298bc8e52beaf7fb1195 | Triage

Sharing

General

Target

BITCOIN GEN PRIVATE.zip
Size

1.2MB
Sample

241230-dxwctawqat
MD5

2e0fc78070cbd8de4396acfe491986ac
SHA1

f6bf2b612f83f90483d12792696f9529840ad3ac
SHA256

ce179bf67e184c300fbc5b796ef511c14470a9d3c970298bc8e52beaf7fb1195
SHA512

dfcb0391f27912eb0bef5ba9dcfcfaff38f9a6886ffbd23e2ca70ec66a203050fbbe22544894936653cf99bc2c86948692b0e43e87377a5088c59a079167b814
SSDEEP

24576:2pXWKEEizZPwD9NzHNTjInXCzJ9tgNODSY/X/ifKsxA42DUSL6/:2lW12zFISWisxA42Yw6/

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.56.1:4782

Mutex

275f2628-c225-4b94-8c3e-6fb61e5e53af

Attributes

encryption_key
F72BC567B8A2606D9029D70BA29A969A6DEB42D8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  BITCOIN GEN PRIVATE.zip
- Size
  
  1.2MB
- MD5
  
  2e0fc78070cbd8de4396acfe491986ac
- SHA1
  
  f6bf2b612f83f90483d12792696f9529840ad3ac
- SHA256
  
  ce179bf67e184c300fbc5b796ef511c14470a9d3c970298bc8e52beaf7fb1195
- SHA512
  
  dfcb0391f27912eb0bef5ba9dcfcfaff38f9a6886ffbd23e2ca70ec66a203050fbbe22544894936653cf99bc2c86948692b0e43e87377a5088c59a079167b814
- SSDEEP
  
  24576:2pXWKEEizZPwD9NzHNTjInXCzJ9tgNODSY/X/ifKsxA42DUSL6/:2lW12zFISWisxA42Yw6/
Score

1^/10
behavioral1
- Target
  
  BITCOIN GEN PRIVATE/Bitcoingens.pdf.exe
- Size
  
  3.1MB
- MD5
  
  571474cb077262465a4ff6747023b90b
- SHA1
  
  be44641489168160ed22ab2b57658a94394441b6
- SHA256
  
  2ba889c691dea990e030ef2707a242017df0f094d8d1eadb37343e82f6417e3f
- SHA512
  
  e34117b3c5567843019f84d3b8b849404f4463f67188ed26241839c91e91275c4f916a7bde5dcaaeb0fa625e7bbaf682d60a91ec28d01deaafac3e7afb39ee15
- SSDEEP
  
  49152:WvbI22SsaNYfdPBldt698dBcjH8xRJ6AbR3LoGdUVXmCTHHB72eh2NT:Wvk22SsaNYfdPBldt6+dBcjH8xRJ6al
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice04discoveryspywaretrojan