quasar | 5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29 | Triage

Submit
Reports

Overview

overview

Static

static

5f541a16b6...29.exe

windows7-x64

5f541a16b6...29.exe

windows10-2004-x64

Sharing

General

Target

5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29.exe
Size

502KB
Sample

250118-e2paqstlcm
MD5

9aae678c7cea5987d5092a61623207e2
SHA1

0243213e394988c281596785b9cdd3c5c8db0253
SHA256

5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29
SHA512

1f4e1df5d6936048456b493ed2d4268f611b94940f51b41c3c70f925306b451201d882e59031c80cd265ecbe84e0e22f57cc2f5446a9390a87973254db034be9
SSDEEP

12288:1TEgdfYXxURT3qh4kywJUpvZKJyRXMUykUcdW:WUw+25ywJUpvZKJGn8cdW

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29.exe

Resource

win7-20240903-en

quasar office04 spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

93.177.102.208:1337

Mutex

b1f80fe6-27eb-4a1c-bb91-851d5cd8d500

Attributes

encryption_key
9C554DBE5929DA2C3E389A9DF35A30153D68038C
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Java Updater
subdirectory
SubDir

Targets

- Target
  
  5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29.exe
- Size
  
  502KB
- MD5
  
  9aae678c7cea5987d5092a61623207e2
- SHA1
  
  0243213e394988c281596785b9cdd3c5c8db0253
- SHA256
  
  5f541a16b678fb79fe6dc150a57108881efc9d392e77644024e288a38c02ff29
- SHA512
  
  1f4e1df5d6936048456b493ed2d4268f611b94940f51b41c3c70f925306b451201d882e59031c80cd265ecbe84e0e22f57cc2f5446a9390a87973254db034be9
- SSDEEP
  
  12288:1TEgdfYXxURT3qh4kywJUpvZKJyRXMUykUcdW:WUw+25ywJUpvZKJGn8cdW
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy