quasar | 04eac5441314e3a90d9484b12e98e59b30043adcfc6c4098a0543955c737baca | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows7-x64

Client-built.exe

windows10-2004-x64

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250212-x3k9ksvmcl
MD5

5093a2e35893a68da7c09238084d6f7e
SHA1

6a593b9a357b500c13d8b98547237c60ad949683
SHA256

04eac5441314e3a90d9484b12e98e59b30043adcfc6c4098a0543955c737baca
SHA512

5203cf07ab9922534d7b016f1b53b038b582047a2d571928a4c11ef64c248345ca4c335e5426c030f1f529077c1ba63d38a235082a3fd7ddd932e15fc6ee8374
SSDEEP

49152:/vHlL26AaNeWgPhlmVqvMQ7XSKsvzuMgAoGd5ITHHB72eh2NT:/vFL26AaNeWgPhlmVqkQ7XSKEzuML

Score

10^/10

quasar office04 discovery spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win7-20241010-en

quasar office04 spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Client-built.exe

Resource

win10v2004-20250211-en

quasar office04 discovery spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.37:4782

Mutex

49b0d307-a06e-42f0-b4dd-ceae2c88d2f0

Attributes

encryption_key
B73F224CF41A826EF2EC1843B90021541FBE12A9
install_name
FortniteAimbot_v2.0.exe
log_directory
Logs
reconnect_delay
1
startup_key
FortniteAimbot_v2.0
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  5093a2e35893a68da7c09238084d6f7e
- SHA1
  
  6a593b9a357b500c13d8b98547237c60ad949683
- SHA256
  
  04eac5441314e3a90d9484b12e98e59b30043adcfc6c4098a0543955c737baca
- SHA512
  
  5203cf07ab9922534d7b016f1b53b038b582047a2d571928a4c11ef64c248345ca4c335e5426c030f1f529077c1ba63d38a235082a3fd7ddd932e15fc6ee8374
- SSDEEP
  
  49152:/vHlL26AaNeWgPhlmVqvMQ7XSKsvzuMgAoGd5ITHHB72eh2NT:/vFL26AaNeWgPhlmVqkQ7XSKEzuML
Score

10^/10

quasar office04 spyware trojan discovery
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04discoveryspywaretrojan

© 2018-2025

Terms | Privacy