quasar | 2dac612eb9e1901ccc9dba9b03680a3a330b4084f0aeb8d543f3c7a595644829 | Triage

Submit
Reports

Overview

overview

Static

static

rat.exe

windows7-x64

rat.exe

windows10-2004-x64

Sharing

General

Target

rat.exe
Size

3.1MB
Sample

250209-vwxypaxndm
MD5

0ef2261e6587f8b552ec3da98331ff26
SHA1

7c8a1b9fd589576d1979c5576219e734ce7a0699
SHA256

2dac612eb9e1901ccc9dba9b03680a3a330b4084f0aeb8d543f3c7a595644829
SHA512

ab6363753345ede1b29d8ef3a9592e9febbbb25348d77a2f214a0d7e08301f6596c99fbeb1ee6b62edb426454562dc74657f295a876021bba8610b6f9a9c2e34
SSDEEP

49152:evHI22SsaNYfdPBldt698dBcjHpxDEDw1k/JxQoGdtTHHB72eh2NT:evo22SsaNYfdPBldt6+dBcjHpxW+

Score

10^/10

quasar office01 discovery spyware trojan

Static task

static1

office01 quasar

3 signatures

Behavioral task

behavioral1

Sample

rat.exe

Resource

win7-20241010-en

quasar office01 spyware trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

rat.exe

Resource

win10v2004-20250207-en

quasar office01 discovery spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office01

C2

sabaf-38910.portmap.host:38910

Mutex

f7356d60-951e-494a-a901-2e12bb084129

Attributes

encryption_key
5C7AC20AEB149D8BC06141FCF79866AD6E3847AD
install_name
RuntimeBroker.exe
log_directory
Logs
reconnect_delay
3000
startup_key
RunTimeBroker
subdirectory
System32

Targets

- Target
  
  rat.exe
- Size
  
  3.1MB
- MD5
  
  0ef2261e6587f8b552ec3da98331ff26
- SHA1
  
  7c8a1b9fd589576d1979c5576219e734ce7a0699
- SHA256
  
  2dac612eb9e1901ccc9dba9b03680a3a330b4084f0aeb8d543f3c7a595644829
- SHA512
  
  ab6363753345ede1b29d8ef3a9592e9febbbb25348d77a2f214a0d7e08301f6596c99fbeb1ee6b62edb426454562dc74657f295a876021bba8610b6f9a9c2e34
- SSDEEP
  
  49152:evHI22SsaNYfdPBldt698dBcjHpxDEDw1k/JxQoGdtTHHB72eh2NT:evo22SsaNYfdPBldt6+dBcjHpxW+
Score

10^/10

quasar office01 spyware trojan discovery
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice01spywaretrojan

behavioral2

quasaroffice01discoveryspywaretrojan

© 2018-2025

Terms | Privacy