quasar | hxxps://www[.]mediafire[.]com/file/pnz7556xgz2tmcz/Testing[.]rar/file | Triage

Sharing

General

Target

https://www.mediafire.com/file/pnz7556xgz2tmcz/Testing.rar/file
Sample

250117-3z456sxjdw

Score

10^/10

quasar office04 discovery evasion execution persistence privilege_escalation spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.40.122:4782

rayanneaa-47070.portmap.host:47070

Mutex

f1780d6b-a6ee-4632-9816-f23bb146f81e

Attributes

encryption_key
F38746D956F52C2D74C5EA46908D0B22D4BB8A0C
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  https://www.mediafire.com/file/pnz7556xgz2tmcz/Testing.rar/file
Score

10^/10

quasar office04 discovery evasion execution persistence privilege_escalation spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

quasaroffice04discoveryevasionexecutionpersistenceprivilege_escalationspywaretrojan