quasar | 999c3250ba74a3e401da7fb983f0365a55e2a42b69e572b95e754f8e0d4cc4c9 | Triage

Submit
Reports

Overview

overview

Static

static

1

Quasar

windows11-21h2-x64

Sharing

General

Target

Quasar
Size

305KB
Sample

250113-2q1kyszles
MD5

0e0ab4ddee16ec1af8d986e981381b01
SHA1

3556b207a3967446f61c8bbf298ffce01c3f898a
SHA256

999c3250ba74a3e401da7fb983f0365a55e2a42b69e572b95e754f8e0d4cc4c9
SHA512

9145440444f5db46a6380d881ef4401f3dab988866d116da559e8680bde72c77ba9687af3b476fd5a9c77a7aa05c428afc06c27ace35f2197cdd5d426fbcad1a
SSDEEP

6144:o4NBipOL/saqkPV9Fe2LtcIDSsmww9cvZJT3CqbMrhryf65NRPaCieMjAkvCJv10:ZNBipOL/saqkPV9Fe2LtcIDSsmww9cvr

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quasar

Resource

win11-20241007-en

quasar office04 discovery spyware trojan

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.127.0.53:4782

Mutex

a69487ff-9e36-48b3-8bdf-335110675dcc

Attributes

encryption_key
F896C2A59B352C1444486E272CABC07D6E429F8D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Quasar
- Size
  
  305KB
- MD5
  
  0e0ab4ddee16ec1af8d986e981381b01
- SHA1
  
  3556b207a3967446f61c8bbf298ffce01c3f898a
- SHA256
  
  999c3250ba74a3e401da7fb983f0365a55e2a42b69e572b95e754f8e0d4cc4c9
- SHA512
  
  9145440444f5db46a6380d881ef4401f3dab988866d116da559e8680bde72c77ba9687af3b476fd5a9c77a7aa05c428afc06c27ace35f2197cdd5d426fbcad1a
- SSDEEP
  
  6144:o4NBipOL/saqkPV9Fe2LtcIDSsmww9cvZJT3CqbMrhryf65NRPaCieMjAkvCJv10:ZNBipOL/saqkPV9Fe2LtcIDSsmww9cvr
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

© 2018-2025

Terms | Privacy