General

  • Target

    BoostrapperNew (1).exe

  • Size

    3.1MB

  • Sample

    250209-zsmqrsskgq

  • MD5

    5fa769f4592c691e1032917470a56012

  • SHA1

    bc38e42f098176062b7ccd2bf92d3bf8b1893a78

  • SHA256

    0ccd3733183706222509eb6d435010dbe60044b3f7c57bf70e2f78fa09ef8c24

  • SHA512

    cd71cfb5a14070e1721a6557e7860affc6ae6d7c3067042e3d12e7b49bcdf0e630855362bb988180b8d781574205388fdc185158ed12ea9b4369100a628564ae

  • SSDEEP

    49152:mv2I22SsaNYfdPBldt698dBcjHVrRJ6cbR3LoGdxjTHHB72eh2NT:mvb22SsaNYfdPBldt6+dBcjHVrRJ6m

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.236:4782

Mutex

b796139d-9ac7-4dd6-b216-9d23cb27a8cf

Attributes
  • encryption_key

    A32C977AF70FAC39329AA4FE677FAA9E5BEB3D7E

  • install_name

    BoostrapperNew.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    WIN32

  • subdirectory

    SubDir

Targets

    • Target

      BoostrapperNew (1).exe

    • Size

      3.1MB

    • MD5

      5fa769f4592c691e1032917470a56012

    • SHA1

      bc38e42f098176062b7ccd2bf92d3bf8b1893a78

    • SHA256

      0ccd3733183706222509eb6d435010dbe60044b3f7c57bf70e2f78fa09ef8c24

    • SHA512

      cd71cfb5a14070e1721a6557e7860affc6ae6d7c3067042e3d12e7b49bcdf0e630855362bb988180b8d781574205388fdc185158ed12ea9b4369100a628564ae

    • SSDEEP

      49152:mv2I22SsaNYfdPBldt698dBcjHVrRJ6cbR3LoGdxjTHHB72eh2NT:mvb22SsaNYfdPBldt6+dBcjHVrRJ6m

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT); the configuration shown under Malware Config was recovered from this sample's embedded client settings.

    • Quasar family

    • Quasar payload

    • Downloads MZ/PE file

    • Executes dropped EXE
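The Malware Config block and the signature list above are only useful if they become something a responder can run against telemetry. The following is an added example (not code from the sandbox report or from the Quasar project) that turns the extracted configuration into host and network indicators and checks them against a few constructed endpoint events. The configuration values are copied from the report; the telemetry records, rule names and function names are assumptions made for illustration. It also flags two things a practitioner would want to notice: the C2 is an RFC 1918 address, so this build only works on the LAN it was configured for, and 4782 is the port the Quasar builder pre-fills.

```python
"""Derive host and network indicators from the extracted Quasar configuration
and match them against endpoint telemetry.

Added example, not code from the sandbox report or from the Quasar project.
Configuration values are copied from the report; the telemetry records, rule
names and function names are assumptions made for illustration.
"""
import ipaddress

# Field values copied from the report's 'Malware Config' block.
QUASAR_CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "botnet": "Office04",
    "c2": "192.168.1.236:4782",
    "mutex": "b796139d-9ac7-4dd6-b216-9d23cb27a8cf",
    "install_name": "BoostrapperNew.exe",
    "subdirectory": "SubDir",
    "startup_key": "WIN32",
    "log_directory": "Logs",
    "reconnect_delay": 3000,
}

QUASAR_DEFAULT_PORT = 4782  # port the Quasar builder pre-fills


def parse_c2(c2):
    """Split 'host:port' into (host, port); Quasar configs use IPv4 or DNS names."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def derive_indicators(cfg):
    """Turn config fields into the artifacts a Quasar client leaves behind.

    The client copies itself to <install dir>\\<subdirectory>\\<install_name>,
    persists through a Run-key value (or scheduled task) named after
    startup_key, takes a named mutex for its single-instance check and
    reconnects to the C2 every reconnect_delay milliseconds.
    """
    host, port = parse_c2(cfg["c2"])
    try:
        private = ipaddress.ip_address(host).is_private
    except ValueError:  # hostname rather than an IP literal
        private = False
    return {
        "c2_host": host,
        "c2_port": port,
        "c2_is_private": private,
        "c2_default_port": port == QUASAR_DEFAULT_PORT,
        # Leading separator so a path like '...\NotSubDir\...' does not match.
        "install_path_suffix": "\\{}\\{}".format(
            cfg["subdirectory"], cfg["install_name"]).lower(),
        "startup_key": cfg["startup_key"],
        "mutex": cfg["mutex"].lower(),
    }


# Constructed telemetry (not from the report): a benign Run value and an
# unrelated connection are included so the matcher has something to ignore.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\bob\Downloads\BoostrapperNew (1).exe"},
    {"type": "process", "image": r"C:\Users\bob\AppData\Roaming\SubDir\BoostrapperNew.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "WIN32", "data": r"C:\Users\bob\AppData\Roaming\SubDir\BoostrapperNew.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "mutex", "name": "B796139D-9AC7-4DD6-B216-9D23CB27A8CF"},
    {"type": "network", "dst": "192.168.1.236", "dport": 4782},
    {"type": "network", "dst": "10.0.0.5", "dport": 443},
]


def match_events(events, ind):
    """Return (rule, event index) pairs for telemetry matching the indicators."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "process" and ev["image"].lower().endswith(ind["install_path_suffix"]):
            hits.append(("installed_copy", i))
        elif (kind == "registry"
              and ev["key"].lower().endswith(r"\currentversion\run")
              and ev["value"] == ind["startup_key"]):
            hits.append(("run_key", i))
        elif kind == "mutex" and ev["name"].lower() == ind["mutex"]:
            hits.append(("mutex", i))
        elif kind == "network" and (ev["dst"], ev["dport"]) == (ind["c2_host"], ind["c2_port"]):
            hits.append(("c2", i))
    return hits


if __name__ == "__main__":
    ind = derive_indicators(QUASAR_CONFIG)
    for rule, i in match_events(SAMPLE_EVENTS, ind):
        print(rule, SAMPLE_EVENTS[i])
    if ind["c2_is_private"]:
        print("C2 is an RFC 1918 address: this build only reaches a LAN or lab host")
```

The mutex and the Run-key value name are the cheapest indicators to pivot on, since both are fixed at build time and survive a rename of the dropped file; the `run_key` rule would normally also require the value data to point at the install path to keep false positives down. The private C2 address means the sample cannot call home from an internet-connected victim, which is worth recording before any blocklist entry is raised from this report.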

MITRE ATT&CK Enterprise v15

Tasks