Overview

overview

10

Static

static

10

Client-built.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    250111-hkqn1sskdm

  • MD5

    bc1d1f704a0f37aaa31d8da25618926d

  • SHA1

    f4660775a087c298f06ea418ed31d678eea08922

  • SHA256

    d235809f999353ba99369eb3f2df5a32c400954bbd852f6842edf8cd5ad1a8d6

  • SHA512

    84316eab0534d14ab956f52117a156071c7a930a670a5a77c109b7bb09df08b6d1b9871e97e4b4e844dcc9211f8883af9ed87ae96fa422082ecf0a7f99defee1

  • SSDEEP

    49152:KvmI22SsaNYfdPBldt698dBcjHvVRJ61bR3LoGdZxTHHB72eh2NT:Kvr22SsaNYfdPBldt6+dBcjHvVRJ6H

Score
10/10
quasaroffice04discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.77:4782

Mutex

a45d6a9d-6557-4b6f-b798-0ec5ffcaa226

Attributes
  • encryption_key

    312B6A0B5118D6087CCF93301A6FDB0B736544CA

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Client-built.exe

    • Size

      3.1MB

    • MD5

      bc1d1f704a0f37aaa31d8da25618926d

    • SHA1

      f4660775a087c298f06ea418ed31d678eea08922

    • SHA256

      d235809f999353ba99369eb3f2df5a32c400954bbd852f6842edf8cd5ad1a8d6

    • SHA512

      84316eab0534d14ab956f52117a156071c7a930a670a5a77c109b7bb09df08b6d1b9871e97e4b4e844dcc9211f8883af9ed87ae96fa422082ecf0a7f99defee1

    • SSDEEP

      49152:KvmI22SsaNYfdPBldt698dBcjHvVRJ61bR3LoGdZxTHHB72eh2NT:Kvr22SsaNYfdPBldt6+dBcjHvVRJ6H

    Score
    10/10
    quasaroffice04discoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks