quasar | 984fb190e5d6fbc14972ad1eac799098a0e92fdc9c3caf668fb83a5a2e90f708 | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250204-1f6tjstlby
MD5

b1b23e7564eb88d5e6901c9756463227
SHA1

e3bc8a7be02bc91358abe1a1b3351b2c7c0a466c
SHA256

984fb190e5d6fbc14972ad1eac799098a0e92fdc9c3caf668fb83a5a2e90f708
SHA512

293d73265ad8569d28adcb47e2b5f90b5baa6cde4411825258a5c656abbb7fc831b7b9f753e688511289691137a527590d45204a4e7ecca5595006f920c5f95e
SSDEEP

49152:OvFt62XlaSFNWPjljiFa2RoUYIVuz6Bx3GoGdKTHHB72eh2NT:Ov362XlaSFNWPjljiFXRoUYIMzv

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

ec402812-c0b3-4314-80f7-4ab5e6935689

Attributes

encryption_key
D9C0FD8481035A2F5997C8D6003A1CC132B124F7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  b1b23e7564eb88d5e6901c9756463227
- SHA1
  
  e3bc8a7be02bc91358abe1a1b3351b2c7c0a466c
- SHA256
  
  984fb190e5d6fbc14972ad1eac799098a0e92fdc9c3caf668fb83a5a2e90f708
- SHA512
  
  293d73265ad8569d28adcb47e2b5f90b5baa6cde4411825258a5c656abbb7fc831b7b9f753e688511289691137a527590d45204a4e7ecca5595006f920c5f95e
- SSDEEP
  
  49152:OvFt62XlaSFNWPjljiFa2RoUYIVuz6Bx3GoGdKTHHB72eh2NT:Ov362XlaSFNWPjljiFXRoUYIMzv
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan