General

  • Target

    STAR HOOK.exe

  • Size

    3.1MB

  • Sample

    250123-erlf4a1qfx

  • MD5

    e05108dad2df0d077c02297b720bd7aa

  • SHA1

    5f86c17a4287fad6c8d4339c97bcca1549ae9d96

  • SHA256

    8887b67a5cf1e1e975a9b37c77509652e475607e02c5d744ab2b843edc84cc5a

  • SHA512

    9953ac0465609e19674cac51f67ec69d25e8b9500995cb1b93c46bdd8bfda0519ddfb40ace36575435f65b5d63dbc5eebe743d6855943e43cf79975a9258cf3f

  • SSDEEP

    49152:rvyI22SsaNYfdPBldt698dBcjHyrjGgJ8QoGdQTHHB72eh2NT:rvf22SsaNYfdPBldt6+dBcjHyrfJF

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    192.168.12.223:4782

  • Mutex

    9ff7b014-19b2-444b-95dd-ac9edadfe699

Attributes
  • encryption_key

    39B0A38C739CA03F425D52D6DB813486CCB3B858

  • install_name

    Client.exe

  • log_directory

    HITS FOR QUASAR

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      STAR HOOK.exe

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
