quasar | ccb17adb4b57a95a61acb010c01da98dc150be67a85df2ab40ba9d1f078f8373 | Triage

Submit
Reports

Overview

overview

Static

static

better.exe

windows10-2004-x64

Sharing

General

Target

better.exe
Size

3.1MB
Sample

250102-sxy62azjej
MD5

47ec64e3d129b23c44f417cbc2a07aa7
SHA1

e65fbcf69e6e808ebe7bc9b13e483c5fc80d5fa2
SHA256

ccb17adb4b57a95a61acb010c01da98dc150be67a85df2ab40ba9d1f078f8373
SHA512

52247a235b708e98efcf977fd109344e16df9c5a9f13ad5afd395df3f009d9ee6edf81fef9d74a31a9fdec1f851e61642912eb9bc8384b39042b70f9d8b7d510
SSDEEP

49152:PvrlL26AaNeWgPhlmVqvMQ7XSKTxPEakPk/LCyoGdzTHHB72eh2NT:PvRL26AaNeWgPhlmVqkQ7XSKTxhv

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

better.exe

Resource

win10v2004-20241007-en

quasar office04 discovery spyware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

himato667-58401.portmap.host:58401

Mutex

0e2bc079-3316-407c-a26f-115195d9fe5b

Attributes

encryption_key
D14CC6B8490A41A48C1E115285B6932B9A857EA0
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  better.exe
- Size
  
  3.1MB
- MD5
  
  47ec64e3d129b23c44f417cbc2a07aa7
- SHA1
  
  e65fbcf69e6e808ebe7bc9b13e483c5fc80d5fa2
- SHA256
  
  ccb17adb4b57a95a61acb010c01da98dc150be67a85df2ab40ba9d1f078f8373
- SHA512
  
  52247a235b708e98efcf977fd109344e16df9c5a9f13ad5afd395df3f009d9ee6edf81fef9d74a31a9fdec1f851e61642912eb9bc8384b39042b70f9d8b7d510
- SSDEEP
  
  49152:PvrlL26AaNeWgPhlmVqvMQ7XSKTxPEakPk/LCyoGdzTHHB72eh2NT:PvRL26AaNeWgPhlmVqkQ7XSKTxhv
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

© 2018-2025

Terms | Privacy