quasar | 406782fab39b7790abbf943a12c78ff179762f9f322834f18acfa26df5182f1e | Triage

Submit
Reports

Overview

overview

Static

static

Client-built.exe

windows11-21h2-x64

Sharing

General

Target

Client-built.exe
Size

502KB
Sample

250218-k9j9msyqfz
MD5

602837fad63b649c4c7773cfbbb7cd85
SHA1

1a64f6bd65309d68ba65e1f39c051ddf85e775b5
SHA256

406782fab39b7790abbf943a12c78ff179762f9f322834f18acfa26df5182f1e
SHA512

940852e937a2d512c8519ea72a16e0b0835c5a49798c009bf84a2371ba33f473216e1ac747005e012da10e15b2d3ecb2b965e6610cfa8abc01d58c38d382639c
SSDEEP

6144:ITEgdc0YsXAGbgiIN2RSBSjZdTEDWKzDkQfocEgOb8F9MAS8zCcTR3m:ITEgdfYWbgfVDkQpSAS82cdm

Score

10^/10

quasar office04 defense_evasion discovery spyware trojan

Static task

static1

office04 quasar

3 signatures

Behavioral task

behavioral1

Sample

Client-built.exe

Resource

win11-20250217-en

quasar office04 defense_evasion discovery spyware trojan

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

192.168.2.52:4782

Mutex

b5241324-7d53-4190-bf4b-6bc42688570e

Attributes

encryption_key
15DE57E734A2092B4BCFD15B643025D46C48C057
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  502KB
- MD5
  
  602837fad63b649c4c7773cfbbb7cd85
- SHA1
  
  1a64f6bd65309d68ba65e1f39c051ddf85e775b5
- SHA256
  
  406782fab39b7790abbf943a12c78ff179762f9f322834f18acfa26df5182f1e
- SHA512
  
  940852e937a2d512c8519ea72a16e0b0835c5a49798c009bf84a2371ba33f473216e1ac747005e012da10e15b2d3ecb2b965e6610cfa8abc01d58c38d382639c
- SSDEEP
  
  6144:ITEgdc0YsXAGbgiIN2RSBSjZdTEDWKzDkQfocEgOb8F9MAS8zCcTR3m:ITEgdfYWbgfVDkQpSAS82cdm
Score

10^/10

quasar office04 defense_evasion discovery spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04defense_evasiondiscoveryspywaretrojan

© 2018-2025

Terms | Privacy