quasar | 90f39464d539842cc2f378743c0c9cd499b96a3f1deaeb629b7815c76c808d97 | Triage

Sharing

General

Target

UniversalFree_Crypted.exe
Size

4.2MB
Sample

250204-emxnkavkcw
MD5

edc97f15907d91c7855029db32ab3f1b
SHA1

33ab23c9d6a9f267a8e67d6d8bef539c02649220
SHA256

90f39464d539842cc2f378743c0c9cd499b96a3f1deaeb629b7815c76c808d97
SHA512

e74ce0a6c711bb137ce49f0af1ba51f05aa022a8a94a104884a4765095e268c024eb8f57656f2bbeecd9c36883ad8c270e4b758be560a81a46542560a117f124
SSDEEP

49152:I2Dz4ir0dsj6RA9snP7wtoCiZtI7+h1zKyMNIcSEe7jk8AzYiOdornUkEUuUnY:K

Score

10^/10

quasar office04 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

b0a3a901-70c7-4331-bc54-4c2f60c774c7

Attributes

encryption_key
CBFA1F5BBBA35BB09E64850568E8730F58DCF089
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  UniversalFree_Crypted.exe
- Size
  
  4.2MB
- MD5
  
  edc97f15907d91c7855029db32ab3f1b
- SHA1
  
  33ab23c9d6a9f267a8e67d6d8bef539c02649220
- SHA256
  
  90f39464d539842cc2f378743c0c9cd499b96a3f1deaeb629b7815c76c808d97
- SHA512
  
  e74ce0a6c711bb137ce49f0af1ba51f05aa022a8a94a104884a4765095e268c024eb8f57656f2bbeecd9c36883ad8c270e4b758be560a81a46542560a117f124
- SSDEEP
  
  49152:I2Dz4ir0dsj6RA9snP7wtoCiZtI7+h1zKyMNIcSEe7jk8AzYiOdornUkEUuUnY:K
Score

10^/10

quasar office04 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04discoveryspywaretrojan

behavioral2

quasaroffice04discoveryspywaretrojan