Overview

overview

10

Static

static

10

test.exe

windows7-x64

10

test.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NewCompressedzippedFolder.zip

  • Size

    179KB

  • Sample

    250209-3mhfmswlcp

  • MD5

    6807709ba6a478ab2f74a1dec8b915bf

  • SHA1

    7e89af71ecada8be49b0a0351f3601e1ce2ea21b

  • SHA256

    05179b9dfbc17195f29cf193a16449c9236a1539f53d57d56f12146c491255f4

  • SHA512

    7c5da5af0a690eec46dc2c66f3cdb4e490f14930d23137dad512c831400eee1fe9121ef1cd6d389522a5cc786d6ad47347736280dabd1ab16e7ca97e46d56edc

  • SSDEEP

    3072:PyBZBdgt1/5UNkkdZrgzvJd7Z0F2+R6sSNg37EeW2M2vI5wfmAr8BYN/zZk6:PyBZPg5ULZrExd7ZbVgLn17vI5wfbQBc

Score
10/10
quasaroffice04discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

127.0.0.1:4782

Mutex

QSR_MUTEX_n0f6at7YDD5llBKKrq

Attributes
  • encryption_key

    WTfCCpEEZrrjQU0Hwnaj

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    csrss.exe

  • subdirectory

    SubDir

Targets

    • Target

      test.exe

    • Size

      348KB

    • MD5

      2f671e7ebc050b4f024988ef32316937

    • SHA1

      73a69d7d9ed1c8a63d626edf59702b470d2d6650

    • SHA256

      25f2d280e685bf93f437553620a4b4e89d362205af34c22263bcd6bb33386fe3

    • SHA512

      86f0a286e39040a86504c306f9587e840d8ea74bfaaaee5105f0689434b4e433ab5c30032077a8e3e7eae697a65ebae3a09001434a31f9ac5863c323d2d7d7be

    • SSDEEP

      3072:hjrN+Jhi1vwWdCqLlpyDcsvPBsPJ+bgCr8a8JLEThlbVBD5JVWt8nwU69r4rUYT1:hHUhIvTCqLyR0LtUbPdv69r4rUYTMm

    Score
    10/10
    quasaroffice04discoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks