quasar | 4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a | Triage

Submit
Reports

Overview

overview

Static

static

1

nx7phD.html

windows11-21h2-x64

Sharing

General

Target

nx7phD
Size

7KB
Sample

250201-3rj52awjdw
MD5

aa5d13590623abb5d3963a8af5dfb85d
SHA1

8dcb62e75f970ac4f9f78e2558f335951b599774
SHA256

4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a
SHA512

94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b
SSDEEP

96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS

Score

10^/10

quasar office04 defense_evasion discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

nx7phD.html

Resource

win11-20241007-en

quasar office04 defense_evasion discovery spyware trojan

windows11-21h2-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.0.2.15:4782

Mutex

66d25d16-09a7-4f10-9c42-f3d9c7cdb26e

Attributes

encryption_key
CA4CB708676EB95751DED8C839286B4754CDEA48
install_name
GalaxySwapperV2.exe
log_directory
Logs
reconnect_delay
3000
startup_key
GalaxySwapperV2 Startup
subdirectory
SubDir

Targets

- Target
  
  nx7phD
- Size
  
  7KB
- MD5
  
  aa5d13590623abb5d3963a8af5dfb85d
- SHA1
  
  8dcb62e75f970ac4f9f78e2558f335951b599774
- SHA256
  
  4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a
- SHA512
  
  94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b
- SSDEEP
  
  96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS
Score

10^/10

quasar office04 defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04defense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy