General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • Sample

    250204-enh7kawmhj

  • MD5

    c9c5e0626761e6dfdbe01941e8f8b332

  • SHA1

    6222bf847ba1b324bc291867abcf3fe2d3d76400

  • SHA256

    cd86c5503176eec0bc6209d504366ffdbe9d18167460aa2784a2f720e8c5bd6d

  • SHA512

    2328286dd003d413f38c2f6d8afc3933cfbf18774d1b26b7d40fe97537c7cd34d76e3b43492f5d0628464877beb78e524cee3941f9312e23356fdd5e7192bc2c

  • SSDEEP

    49152:Dvkt62XlaSFNWPjljiFa2RoUYIsCmwLoRdJFTHHB72eh2NT:Dv462XlaSFNWPjljiFXRoUYIsCmO

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    98.218.3.74:4800

  • Mutex

    366cc5a6-9875-43f5-b406-b422373aa69b

Attributes
  • encryption_key

    13765B0E8E4F6CB0053DA8B5123C9FA10F47987B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    bob

  • subdirectory

    SubDir

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Executes dropped EXE
