Overview

overview

10

Static

static

3

2025-04-19...om.exe

windows10-2004-x64

10

2025-04-19...om.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2025, 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom.exe

  • Size

    3.6MB

  • MD5

    1f82ce5688a1ddd2c78edd1aa1cf45c5

  • SHA1

    e86638d98caa847d0d65871efbbb38661b824c68

  • SHA256

    ea874b80bf2b9b91e40a47b6b0ae70b0fdd4ae16b9f3824d80d90776667c8b2e

  • SHA512

    ec941365a143ac5699e87ec6c5ff9ef366de1ef5f07e2d57394dcefde639fff571605735452363cfb82c8e30537cc1e47e5199f44efb816f3e0c3e14e2a6f2d2

  • SSDEEP

    98304:mKZPuHbAMo2SB+NA69Tu9dQ7L2gNR9qFSTI:mNMoSB+NAOTu9dQP9/9/

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

f80817f2-eab1-4d18-9eee-2f1cf2a4ab97

Attributes
  • encryption_key

    84895DEABC045196F0C122A7F0DEB1F2D76E0532

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-04-19_1f82ce5688a1ddd2c78edd1aa1cf45c5_black-basta_cobalt-strike_satacom.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3724-0-0x000001E156C50000-0x000001E156F73000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3724-1-0x00007FFA9E2A3000-0x00007FFA9E2A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3724-2-0x000001E1714D0000-0x000001E1717F4000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/3724-3-0x00007FFA9E2A0000-0x00007FFA9ED61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3724-4-0x00007FFA9E2A0000-0x00007FFA9ED61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3724-5-0x00007FFA9E2A0000-0x00007FFA9ED61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3724-6-0x00007FFA9E2A0000-0x00007FFA9ED61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3724-7-0x000001E1712A0000-0x000001E1712F0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3724-8-0x000001E171D40000-0x000001E171DF2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/3724-9-0x00007FFA9E2A3000-0x00007FFA9E2A5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3724-10-0x00007FFA9E2A0000-0x00007FFA9ED61000-memory.dmp

    Filesize

    10.8MB

    Download