quasar | 30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543 | Triage

Sharing

General

Target

30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543.exe
Size

288KB
Sample

250104-clz17axrgk
MD5

cc5e91e1a0c3ca5edf2bdba7fa252827
SHA1

004ba0788113ebb3bce8eaf63fa53c70caa91079
SHA256

30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543
SHA512

14ee287465bc50dc16ad042d35a14f9e676f645dabf4c4dfbd8f225845e45ab73fee6c3d7967fe44a21994ddbd5b76d0cbd01ec0a2784f913587313c4a407249
SSDEEP

6144:E7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkln:6lJtTF9zVGkllbk5

Score

10^/10

quasar office discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

C2

85.192.29.60:5173

Mutex

QAPB6w0UbYXMvQdKRF

Attributes

encryption_key
pxC3g4rfVijQxK1hMGwM
install_name
csrss.exe
log_directory
Logs
reconnect_delay
3000
startup_key
NET framework
subdirectory
SubDir

Targets

- Target
  
  30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543.exe
- Size
  
  288KB
- MD5
  
  cc5e91e1a0c3ca5edf2bdba7fa252827
- SHA1
  
  004ba0788113ebb3bce8eaf63fa53c70caa91079
- SHA256
  
  30efa81a5d0d9bf04a00b4e30823c2f0c7bd6461383acf0195d857edf2162543
- SHA512
  
  14ee287465bc50dc16ad042d35a14f9e676f645dabf4c4dfbd8f225845e45ab73fee6c3d7967fe44a21994ddbd5b76d0cbd01ec0a2784f913587313c4a407249
- SSDEEP
  
  6144:E7zO0LSclT6FOwEP5Kq+SMv0VGb7bDcllbkln:6lJtTF9zVGkllbk5
Score

10^/10

quasar office discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarofficediscoveryspywaretrojan

behavioral2

quasarofficediscoveryspywaretrojan