Overview

overview

10

Static

static

10

Client-built.exe

windows10-ltsc 2021-x64

10

Client-built.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    884s
  • max time network
    900s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    06-02-2025 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    de7909c583d5e0b334e89e95f6384171

  • SHA1

    d483c5298602a9b706d848262929e4ef3ec03720

  • SHA256

    bbdb9c68f5f4dad1f0bc699176d54fca52f89f6a30f4e22b0a7be85b2aade5c1

  • SHA512

    a375179aa3f2b4cbf3543c61ccf6ef422c3664a0797cc6d76d044ecced36f23a1bab7927e24bb54394631c1971d3e745085fdc3152b5d25d8bfe8eaddf7f1ee0

  • SSDEEP

    49152:rvnI22SsaNYfdPBldt698dBcjH+g/MBxvLoGd5THHB72eh2NT:rvI22SsaNYfdPBldt6+dBcjH1/s

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

100.68.87.21:5050

Mutex

7f5242b1-93d2-4a21-9129-5a75556ad700

Attributes
  • encryption_key

    797D0B478D9E5462152708E8188B9B9CACB9144A

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
    "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4008-0-0x00007FFDD5C43000-0x00007FFDD5C45000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4008-1-0x0000000000070000-0x0000000000394000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/4008-2-0x00007FFDD5C40000-0x00007FFDD6702000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4008-3-0x000000001BD10000-0x000000001BD60000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4008-4-0x000000001BE20000-0x000000001BED2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4008-5-0x00007FFDD5C43000-0x00007FFDD5C45000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4008-6-0x00007FFDD5C40000-0x00007FFDD6702000-memory.dmp

    Filesize

    10.8MB

    Download