quasar | 3ac5ae9c8f911d487ba0abd16877e4bd6f507f8316763483524da339a71f357b | Triage

Submit
Reports

Overview

overview

Static

static

1

New Intern...ut.url

windows11-21h2-x64

Sharing

General

Target

New Internet Shortcut.url
Size

133B
Sample

250206-yklcasvmgx
MD5

8211bbc19996462890392f818d4209c3
SHA1

dd503dd2c9593feed13ddd52f124852a0dbeb6de
SHA256

3ac5ae9c8f911d487ba0abd16877e4bd6f507f8316763483524da339a71f357b
SHA512

5a54d2232b20119dab89fe5a4317d64d6b88a20ccba15722a26ef9e8312769a9e7784e38a6642bef296da78637fdd67780b9e0cd093209480776cd8ee38dd49e

Score

10^/10

quasar office04 defense_evasion discovery spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

New Internet Shortcut.url

Resource

win11-20241007-en

quasar office04 defense_evasion discovery spyware trojan

windows11-21h2-x64

24 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.19:4782

Mutex

cbd5bb11-a5b0-4dee-8e4b-bb4f3dacc71d

Attributes

encryption_key
17F9A06104A1A84BB74B1E617E0D5896149A2953
install_name
Solora.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
SubDir

Targets

- Target
  
  New Internet Shortcut.url
- Size
  
  133B
- MD5
  
  8211bbc19996462890392f818d4209c3
- SHA1
  
  dd503dd2c9593feed13ddd52f124852a0dbeb6de
- SHA256
  
  3ac5ae9c8f911d487ba0abd16877e4bd6f507f8316763483524da339a71f357b
- SHA512
  
  5a54d2232b20119dab89fe5a4317d64d6b88a20ccba15722a26ef9e8312769a9e7784e38a6642bef296da78637fdd67780b9e0cd093209480776cd8ee38dd49e
Score

10^/10

quasar office04 defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04defense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy