quasar | 8e0d5671ea32cf623eff250232c51c26d17ecac3351a3b45e10fc042b827c732 | Triage

Sharing

General

Target

8e0d5671ea32cf623eff250232c51c26d17ecac3351a3b45e10fc042b827c732.exe
Size

787KB
Sample

250120-e5v8fs1nbw
MD5

4c8e8ac8d9ca4c1e6179eca7f222a757
SHA1

e621aababa1e434b214073f72608009c9ae0751d
SHA256

8e0d5671ea32cf623eff250232c51c26d17ecac3351a3b45e10fc042b827c732
SHA512

f8083fd22458d88b068fd4672e5c33bb5c5ea8674f9f603f3f5f115d5b400a582145fb8297ca2e8c33c720a2c4fed4e8022cdc41e0caf26c7b4e07fbd95d954a
SSDEEP

12288:SBMYGfKGK1IisTAkFTw7Z5LnZfHKVN88r0o5+593ZBIop2Eg6oXHQSSjl1HU:SxI1MnZfHKw8Be3ZGx36oXw9l10

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

judicial.con-ip.com:53890

Mutex

cfa7b428-b778-4bda-8f78-8027f433ab1e

Attributes

encryption_key
BCB3D7E61EBFADA295CE4E370B5FC34D54533AA8
install_name
fdxfdx.exe
log_directory
Logs
reconnect_delay
3000
startup_key
fdxnvidia
subdirectory
SubDir

Targets

- Target
  
  8e0d5671ea32cf623eff250232c51c26d17ecac3351a3b45e10fc042b827c732.exe
- Size
  
  787KB
- MD5
  
  4c8e8ac8d9ca4c1e6179eca7f222a757
- SHA1
  
  e621aababa1e434b214073f72608009c9ae0751d
- SHA256
  
  8e0d5671ea32cf623eff250232c51c26d17ecac3351a3b45e10fc042b827c732
- SHA512
  
  f8083fd22458d88b068fd4672e5c33bb5c5ea8674f9f603f3f5f115d5b400a582145fb8297ca2e8c33c720a2c4fed4e8022cdc41e0caf26c7b4e07fbd95d954a
- SSDEEP
  
  12288:SBMYGfKGK1IisTAkFTw7Z5LnZfHKVN88r0o5+593ZBIop2Eg6oXHQSSjl1HU:SxI1MnZfHKw8Be3ZGx36oXw9l10
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

behavioral2

quasaroffice04discoveryspywaretrojan