quasar | bb5398474b2aa16ce6c29b681fcb98f4b19bb152413076b7b1748e41efa6dc6d | Triage

Sharing

General

Target

im not verysmart.exe
Size

3.1MB
Sample

250122-wxbbrazkck
MD5

45e2aa5fff9ef27dbe69e171d2827ee1
SHA1

75344a650dc891b86060124c855ec26e5c4dfbbe
SHA256

bb5398474b2aa16ce6c29b681fcb98f4b19bb152413076b7b1748e41efa6dc6d
SHA512

c0d9824e1a8fa72ac29cd151f4331268df9839ba7a071888f08f2bbd73ab45b3f0dd61d4789839f30ebfce208d8409162abe17d316d2ac06470fee5648fbac39
SSDEEP

49152:xv+lL26AaNeWgPhlmVqvMQ7XSKtCL1JHLoGdbtTHHB72eh2NT:xvuL26AaNeWgPhlmVqkQ7XSKtC/

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

meming-28826.portmap.host:28826

Mutex

0d852c3a-6700-4e42-85af-0da8a2a2fd2a

Attributes

encryption_key
B323B6B4414256836290414EF6F85AFA580A2B68
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System Notification Tray
subdirectory
SubDir

Targets

- Target
  
  im not verysmart.exe
- Size
  
  3.1MB
- MD5
  
  45e2aa5fff9ef27dbe69e171d2827ee1
- SHA1
  
  75344a650dc891b86060124c855ec26e5c4dfbbe
- SHA256
  
  bb5398474b2aa16ce6c29b681fcb98f4b19bb152413076b7b1748e41efa6dc6d
- SHA512
  
  c0d9824e1a8fa72ac29cd151f4331268df9839ba7a071888f08f2bbd73ab45b3f0dd61d4789839f30ebfce208d8409162abe17d316d2ac06470fee5648fbac39
- SSDEEP
  
  49152:xv+lL26AaNeWgPhlmVqvMQ7XSKtCL1JHLoGdbtTHHB72eh2NT:xvuL26AaNeWgPhlmVqkQ7XSKtC/
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan