Overview

overview

10

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbUFNMTZlU0pNamkydUZkVFBySWNoV2p4VWc5QXxBQ3Jtc0tuZnVWajl1TVUtdDhTTmJINVd2ZWdWb1dGUFcxUGViSHVsTGkzbnFNQ0IxMXJtT2tCQ2s2eXFHcklNZVBvVHh2bTBCcUNBMFhxVTFRZHhFQ3dLX2M4R0tOYV92Q3Fhc2N4d2FvVFMzOUFSaHFBZzI3aw&q=https%3A%2F%2Frkns.link%2Fxgiz1

  • Sample

    250104-xqma4ssmht

Score
10/10
quasaroffice04discoveryphishingspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.0.28:4782

Mutex

21dc5e45-8c42-4e7e-a882-b318788e9ca8

Attributes
  • encryption_key

    C77A16FAC6C225B2DB880A8156F0D384EB290A9E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Boostrapper

  • subdirectory

    SubDir

Targets

    • Target

      https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbUFNMTZlU0pNamkydUZkVFBySWNoV2p4VWc5QXxBQ3Jtc0tuZnVWajl1TVUtdDhTTmJINVd2ZWdWb1dGUFcxUGViSHVsTGkzbnFNQ0IxMXJtT2tCQ2s2eXFHcklNZVBvVHh2bTBCcUNBMFhxVTFRZHhFQ3dLX2M4R0tOYV92Q3Fhc2N4d2FvVFMzOUFSaHFBZzI3aw&q=https%3A%2F%2Frkns.link%2Fxgiz1

    Score
    10/10
    quasaroffice04discoveryphishingspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: httpswww.youtube.com@mray20081subconfirmation1cbrd1

      phishing

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks