quasar | 629d5525bebd5ed6d37a8c75e3c326647f9f8d5420e5b0a43dfade7563cc4024 | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250125-vtsaesvjbn
MD5

43ba56942448efaf6200c561be3aa4cd
SHA1

26a8f505a3e1aee989c56b35cef729fc77b1c028
SHA256

629d5525bebd5ed6d37a8c75e3c326647f9f8d5420e5b0a43dfade7563cc4024
SHA512

59e0b28de0ca1d67a3654e84235222ab64f5a9f4818db32c5ee51e2270a2a9c954f64d4714a8040ada194c04a36d8ba6fa8d55296e297160cdc1e9f3fe976dfe
SSDEEP

49152:6vsG42pda6D+/PjlLOlg6yQipV9fBtIBxwMoGdaYTHHB72eh2NT:6v342pda6D+/PjlLOlZyQipVLtg

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win10ltsc2021-20250113-de

quasar office04 discovery spyware trojan

windows10-ltsc 2021-x64

13 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.178.56:4782

tcp://5.tcp.eu.ngrok.io:13134:7771

Mutex

0552115c-2459-453f-980d-c60aebb9957e

Attributes

encryption_key
1DEED326568BA39A5A6D6473414A146E2A7F5724
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  43ba56942448efaf6200c561be3aa4cd
- SHA1
  
  26a8f505a3e1aee989c56b35cef729fc77b1c028
- SHA256
  
  629d5525bebd5ed6d37a8c75e3c326647f9f8d5420e5b0a43dfade7563cc4024
- SHA512
  
  59e0b28de0ca1d67a3654e84235222ab64f5a9f4818db32c5ee51e2270a2a9c954f64d4714a8040ada194c04a36d8ba6fa8d55296e297160cdc1e9f3fe976dfe
- SSDEEP
  
  49152:6vsG42pda6D+/PjlLOlg6yQipV9fBtIBxwMoGdaYTHHB72eh2NT:6v342pda6D+/PjlLOlZyQipVLtg
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

© 2018-2025

Terms | Privacy