quasar | 54bc877bd313adcbb4f686033605fe37c632b013892f6ab107396c4982f6b740 | Triage

Sharing

General

Target

54bc877bd313adcbb4f686033605fe37c632b013892f6ab107396c4982f6b740
Size

3.0MB
Sample

250207-3lsvzsvlfn
MD5

76d3c22ade070633a2ada8c98e7b52a6
SHA1

9f2525fa0b45d6f9e9c39afbc23faa82f7ec1091
SHA256

54bc877bd313adcbb4f686033605fe37c632b013892f6ab107396c4982f6b740
SHA512

3f4b65fc285f20b6aed367d76460bfa5be168a8013e76eeb6ae41da0f718b3b1dba4a852b8089dae804b0ad1e875a52b61db95f11829edbb681de2c66c298e5b
SSDEEP

49152:uJZLe2gk2zjxgEHjykoN0zmQY1QyOrdMFv2ZmffawwEfg:uwhjoN0zmxdWqv2Zmff

Score

10^/10

quasar office365 discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office365

C2

0.0.0.0:4444

Mutex

d7e31ae5-01c9-4ae9-9492-b3417015c4f3

Attributes

encryption_key
C0022A95F8CF0711A4CC81872E320305BE1DA33B
install_name
svchost.exe
log_directory
Logs
reconnect_delay
5000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  54bc877bd313adcbb4f686033605fe37c632b013892f6ab107396c4982f6b740
- Size
  
  3.0MB
- MD5
  
  76d3c22ade070633a2ada8c98e7b52a6
- SHA1
  
  9f2525fa0b45d6f9e9c39afbc23faa82f7ec1091
- SHA256
  
  54bc877bd313adcbb4f686033605fe37c632b013892f6ab107396c4982f6b740
- SHA512
  
  3f4b65fc285f20b6aed367d76460bfa5be168a8013e76eeb6ae41da0f718b3b1dba4a852b8089dae804b0ad1e875a52b61db95f11829edbb681de2c66c298e5b
- SSDEEP
  
  49152:uJZLe2gk2zjxgEHjykoN0zmQY1QyOrdMFv2ZmffawwEfg:uwhjoN0zmxdWqv2Zmff
Score

10^/10

quasar office365 discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

quasaroffice365discoveryspywaretrojan