quasar | de5fdd1c4eab3b2ac4281b03fc7a1b24bd815f6b12bce909755fe2738ab94c44 | Triage

Sharing

General

Target

Client-built.exe
Size

3.1MB
Sample

250324-nyndpsspw7
MD5

621755714a193b4d557c2477c185a080
SHA1

0fa113b4ee92a92274d85ef8b5bccced70f96b74
SHA256

de5fdd1c4eab3b2ac4281b03fc7a1b24bd815f6b12bce909755fe2738ab94c44
SHA512

b53972b855f6249ce277cd212933a9bb2f795c1e2e263fec62a6a7068ab9b4541ea99a82b5c3443c3a29486f4f6615f03b7721b7747a46b503a75e342b155ce6
SSDEEP

98304:6vI62XlaSFNWPjljiFXRoUYID9RJ61Zf:MAZYcY

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

10.0.2.15:4782

Mutex

e5b62a3f-1d76-4ce3-b145-c4738e342ae6

Attributes

encryption_key
5A573CB681082703764120F09BB1C9929732AAD8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  Client-built.exe
- Size
  
  3.1MB
- MD5
  
  621755714a193b4d557c2477c185a080
- SHA1
  
  0fa113b4ee92a92274d85ef8b5bccced70f96b74
- SHA256
  
  de5fdd1c4eab3b2ac4281b03fc7a1b24bd815f6b12bce909755fe2738ab94c44
- SHA512
  
  b53972b855f6249ce277cd212933a9bb2f795c1e2e263fec62a6a7068ab9b4541ea99a82b5c3443c3a29486f4f6615f03b7721b7747a46b503a75e342b155ce6
- SSDEEP
  
  98304:6vI62XlaSFNWPjljiFXRoUYID9RJ61Zf:MAZYcY
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan