quasar | ea874b80bf2b9b91e40a47b6b0ae70b0fdd4ae16b9f3824d80d90776667c8b2e | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-19...om.exe

windows10-2004-x64

2025-04-19...om.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom
Size

3.6MB
Sample

250419-pz5vtawtet
MD5

1f82ce5688a1ddd2c78edd1aa1cf45c5
SHA1

e86638d98caa847d0d65871efbbb38661b824c68
SHA256

ea874b80bf2b9b91e40a47b6b0ae70b0fdd4ae16b9f3824d80d90776667c8b2e
SHA512

ec941365a143ac5699e87ec6c5ff9ef366de1ef5f07e2d57394dcefde639fff571605735452363cfb82c8e30537cc1e47e5199f44efb816f3e0c3e14e2a6f2d2
SSDEEP

98304:mKZPuHbAMo2SB+NA69Tu9dQ7L2gNR9qFSTI:mNMoSB+NAOTu9dQP9/9/

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom.exe

Resource

win10v2004-20250410-en

quasar office04 spyware trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom.exe

Resource

win11-20250410-en

quasar office04 spyware trojan

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

f80817f2-eab1-4d18-9eee-2f1cf2a4ab97

Attributes

encryption_key
84895DEABC045196F0C122A7F0DEB1F2D76E0532
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom
- Size
  
  3.6MB
- MD5
  
  1f82ce5688a1ddd2c78edd1aa1cf45c5
- SHA1
  
  e86638d98caa847d0d65871efbbb38661b824c68
- SHA256
  
  ea874b80bf2b9b91e40a47b6b0ae70b0fdd4ae16b9f3824d80d90776667c8b2e
- SHA512
  
  ec941365a143ac5699e87ec6c5ff9ef366de1ef5f07e2d57394dcefde639fff571605735452363cfb82c8e30537cc1e47e5199f44efb816f3e0c3e14e2a6f2d2
- SSDEEP
  
  98304:mKZPuHbAMo2SB+NA69Tu9dQ7L2gNR9qFSTI:mNMoSB+NAOTu9dQP9/9/
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy