quasar | 8996eea27038c155ff56b2e92be7890b9563a4f16f3429eefebca9185f0c96bb | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

502KB
Sample

250120-kg1e6a1khr
MD5

e2deea190fb3295976a3bf18d070233b
SHA1

e056164cfb9eb114f961f19e7181f60003ae0ce5
SHA256

8996eea27038c155ff56b2e92be7890b9563a4f16f3429eefebca9185f0c96bb
SHA512

ff2df89e00e2ecb2b88bb620885ba08e9aed29721e2d22b5c2c64f9736e097e37045dfcef8a80f1518135c5e62725ec02dcbddd492af2ab5a687980a3e2b4362
SSDEEP

6144:RTEgdc0YvXAGbgiIN2RSBUAb4qqpdNHKX6gYcEbOb899VTUjp9NcF95yEcTR3S:RTEgdfYnbgBO1cYrh3y9SFnyEcdS

Score

10^/10

quasar office04 spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20240903-en

quasar office04 spyware trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20241007-en

quasar office04 spyware trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

141.11.109.176:1337

Mutex

ca86f6fa-6854-4e21-a291-bafe58087953

Attributes

encryption_key
66AB7C24B21EDAE67341911E0531E758FE651040
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  502KB
- MD5
  
  e2deea190fb3295976a3bf18d070233b
- SHA1
  
  e056164cfb9eb114f961f19e7181f60003ae0ce5
- SHA256
  
  8996eea27038c155ff56b2e92be7890b9563a4f16f3429eefebca9185f0c96bb
- SHA512
  
  ff2df89e00e2ecb2b88bb620885ba08e9aed29721e2d22b5c2c64f9736e097e37045dfcef8a80f1518135c5e62725ec02dcbddd492af2ab5a687980a3e2b4362
- SSDEEP
  
  6144:RTEgdc0YvXAGbgiIN2RSBUAb4qqpdNHKX6gYcEbOb899VTUjp9NcF95yEcTR3S:RTEgdfYnbgBO1cYrh3y9SFnyEcdS
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy