quasar | d65d972b0c1413180db4516811e9458318a9d087a155945f1e662eb4906743a2 | Triage

Sharing

General

Target

Update.exe
Size

413KB
Sample

250117-zyacmatnbj
MD5

2aa134861bf60bef430f8720237d2463
SHA1

470417f0a7ae082d39a489c39472925a0530d08c
SHA256

d65d972b0c1413180db4516811e9458318a9d087a155945f1e662eb4906743a2
SHA512

95dc07409eb3675b270c617c5f7db34d24e30e4950e899a5dc8d6d11875e85bfd89b74c8e8d66b66c295d6c045eb7b7d0fb6b9a9c48b1ca656895a714b6e971e
SSDEEP

6144:3gmEjkzQT1TVNHWWy7LyWv+8bXd9kuLfbiMsBwVH4UC3qcG8:w1TVVgvyU9zGMsBwlxC3JG8

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

3.1.5

Botnet

Office04

C2

147.185.221.25:3066

Mutex

$Sxr-jhhmSwtK3L09Qf2ZJs

Attributes

encryption_key
TieqEnTJ1rDhQWR0Ilb7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
SeroXen Client Startup
subdirectory
SubDir

Targets

- Target
  
  Update.exe
- Size
  
  413KB
- MD5
  
  2aa134861bf60bef430f8720237d2463
- SHA1
  
  470417f0a7ae082d39a489c39472925a0530d08c
- SHA256
  
  d65d972b0c1413180db4516811e9458318a9d087a155945f1e662eb4906743a2
- SHA512
  
  95dc07409eb3675b270c617c5f7db34d24e30e4950e899a5dc8d6d11875e85bfd89b74c8e8d66b66c295d6c045eb7b7d0fb6b9a9c48b1ca656895a714b6e971e
- SSDEEP
  
  6144:3gmEjkzQT1TVNHWWy7LyWv+8bXd9kuLfbiMsBwVH4UC3qcG8:w1TVVgvyU9zGMsBwlxC3JG8
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan