quasar | 310aa0b2e7d5cda89657fea41c2a840f0a2344b5d42a7461f36e76dbb1ddb75d | Triage

Sharing

General

Target

310aa0b2e7d5cda89657fea41c2a840f0a2344b5d42a7461f36e76dbb1ddb75d.exe
Size

3.1MB
Sample

250116-wgzdms1rgy
MD5

0369e1ea77e6b56db5cf74aaa45db136
SHA1

c0e2a36b33159e479b5e63e02aee9b5709d4237d
SHA256

310aa0b2e7d5cda89657fea41c2a840f0a2344b5d42a7461f36e76dbb1ddb75d
SHA512

0143137573bcc0c3ac8bcd3877bcb61cbb51b484a3be06ae5361e4940048e99f5f9e416b6e0bff93cc78764d1f0ae1091781d49c294e41a0a2f926aad6f3bf7e
SSDEEP

49152:Ovtt62XlaSFNWPjljiFa2RoUYIcmRJ6DbR3LoGd8DTHHB72eh2NTR:OvP62XlaSFNWPjljiFXRoUYIcmRJ61r

Score

10^/10

quasar office06 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office06

C2

154.216.19.77:7000

Mutex

1e8aec43-b30a-4c63-9211-c18c9decd0e0

Attributes

encryption_key
2A64449428B4580ED5FC6EE66024E26C725626BE
install_name
s.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ssssss
subdirectory
dir

Targets

- Target
  
  310aa0b2e7d5cda89657fea41c2a840f0a2344b5d42a7461f36e76dbb1ddb75d.exe
- Size
  
  3.1MB
- MD5
  
  0369e1ea77e6b56db5cf74aaa45db136
- SHA1
  
  c0e2a36b33159e479b5e63e02aee9b5709d4237d
- SHA256
  
  310aa0b2e7d5cda89657fea41c2a840f0a2344b5d42a7461f36e76dbb1ddb75d
- SHA512
  
  0143137573bcc0c3ac8bcd3877bcb61cbb51b484a3be06ae5361e4940048e99f5f9e416b6e0bff93cc78764d1f0ae1091781d49c294e41a0a2f926aad6f3bf7e
- SSDEEP
  
  49152:Ovtt62XlaSFNWPjljiFa2RoUYIcmRJ6DbR3LoGd8DTHHB72eh2NTR:OvP62XlaSFNWPjljiFXRoUYIcmRJ61r
Score

10^/10

quasar office06 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice06spywaretrojan

behavioral2

quasaroffice06spywaretrojan