quasar | 3b39f69d0f4a6940599449eb78a958207e36ede726fc6d4c158cdf321b68523b | Triage

Sharing

General

Target

hello.exe
Size

3.1MB
Sample

250327-1xt63syvfx
MD5

5ea0b798b2a63a8cc91ad44b17a0fe91
SHA1

8eb91782057dc16a4006d70314db6613b3a5d04e
SHA256

3b39f69d0f4a6940599449eb78a958207e36ede726fc6d4c158cdf321b68523b
SHA512

0086a59004d47d78152c3672a655e95aca238c8960551416aee262d373009fc4ecf15f94b254887fc93951650fd463dd61094d18a1ba245945ef1f9239253122
SSDEEP

49152:OvbI22SsaNYfdPBldt698dBcjHo94n4Zjhm7oGdZTHHB72eh2NT:Ovk22SsaNYfdPBldt6+dBcjHo94n4I

Score

10^/10

quasar office04 spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

79.185.109.198:4782

Mutex

53790885-f84e-49fe-b0f5-533bcec24786

Attributes

encryption_key
3428C8CDB24FFC56DF6BBDDEC9905C3058F7B092
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  hello.exe
- Size
  
  3.1MB
- MD5
  
  5ea0b798b2a63a8cc91ad44b17a0fe91
- SHA1
  
  8eb91782057dc16a4006d70314db6613b3a5d04e
- SHA256
  
  3b39f69d0f4a6940599449eb78a958207e36ede726fc6d4c158cdf321b68523b
- SHA512
  
  0086a59004d47d78152c3672a655e95aca238c8960551416aee262d373009fc4ecf15f94b254887fc93951650fd463dd61094d18a1ba245945ef1f9239253122
- SSDEEP
  
  49152:OvbI22SsaNYfdPBldt698dBcjHo94n4Zjhm7oGdZTHHB72eh2NT:Ovk22SsaNYfdPBldt6+dBcjHo94n4I
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan