quasar | 965b676b1f41d84e4db8100d4658eaaf99cebc90d2e2430bd48bcc7634d257d6 | Triage

Submit
Reports

Overview

overview

Static

static

AerisBoost...-2.exe

windows7-x64

AerisBoost...-2.exe

windows10-2004-x64

Sharing

General

Target

AerisBoostrapper-13-2.zip
Size

1.2MB
Sample

250105-y2v8tsxjhk
MD5

a592816082d74d974297695818fffcc7
SHA1

29d1292abd18cabc922538b078a8f73678c6a6f2
SHA256

965b676b1f41d84e4db8100d4658eaaf99cebc90d2e2430bd48bcc7634d257d6
SHA512

b3f330638ba3ea0c53477cf7bfda6de57f749e0c14f385afabd8497b9c05531beea0f8ad14cb151caa077390a72c0329e4e16ee7456226fc205735ebee70db34
SSDEEP

24576:m3K0XoHCW/HxEAijmMa77zBgFXKUQfC+ZVcOEZXOx5aQGh5hGopf8a85:mfoioHLwm577yA7n+OEZQ5fGhGop0a85

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

AerisBoostrapper-13-2.exe

Resource

win7-20240903-en

quasar office04 spyware trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

AerisBoostrapper-13-2.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.7.254:4782

Mutex

ec379305-a810-4d7e-97bd-07901661d993

Attributes

encryption_key
4F7174D194172642AE5CB98C8155E3A959E610E5
install_name
MsMpEng.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Security
subdirectory
SubDir

Targets

- Target
  
  AerisBoostrapper-13-2.exe
- Size
  
  3.1MB
- MD5
  
  e2a60937f0b261889509480a6aeccd28
- SHA1
  
  e7388a6fe6b26369bd049fcb9274676b8e799626
- SHA256
  
  d2c8622fb29e5e0b800926c2ace9dbfd35fe798bb81dd05f992016aafbbad059
- SHA512
  
  c517dcbe37fe6d55a763b7223b0f64073c46569b1afa8868ccf56ff1b0afce0c83eb3cce30bd0978a82a8cd60e0d5f7e4705890e304ba9f283f7023eb166fd36
- SSDEEP
  
  49152:xviI22SsaNYfdPBldt698dBcjH/HzhNmzLQoGdbTHHB72eh2NT:xvv22SsaNYfdPBldt6+dBcjHfzhR
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy