General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    250104-l4chaavkbw

  • MD5

    00213fcafbc3094166240f85a2113a48

  • SHA1

    bca3cb12ffc1deecaa48e75fd044d12bbbfdc7be

  • SHA256

    f84484392271761f6894d474af57c959f72b40bf0afbd3ff00c34d9aaadd49f6

  • SHA512

    b048cc823268d731b0b35600723cb4a58fa108f1ef48f1ebad7b522a6c8656c981e363d5a908403b1ef20909d2624c325d22df2143774190b12f5fcb3741fa10

  • SSDEEP

    49152:rvmI22SsaNYfdPBldt698dBcjHGCW1JbLoGd4THHB72eh2NT:rvr22SsaNYfdPBldt6+dBcjHGCi

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.46:4782

Mutex

f6997eed-21d3-4b8e-b10b-56ea04111c63

Attributes
  • encryption_key

    7E7C408B51CEDDF4082BCC64D506AE67B3B3044D

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
