quasar | ca836ea84ec237db743f78ddeef8884260cb873dc0f41d82dd03e3b3e8c154e2 | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-19...om.exe

windows10-2004-x64

2025-04-19...om.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-19_bb2609006530c823044bfa8c88a36899_black-basta_cobalt-strike_satacom
Size

3.6MB
Sample

250419-q73k4axvfv
MD5

bb2609006530c823044bfa8c88a36899
SHA1

a3ee585e44fa7beeaf2720092088abdb31a8ba14
SHA256

ca836ea84ec237db743f78ddeef8884260cb873dc0f41d82dd03e3b3e8c154e2
SHA512

2fa44b55541426a636d20354999b9f8ba6e41851dd2018df2e2361e19173bf7bd28ea617e79ba80c8075f9e3da771cc5a383b2e9a16fc300447e546fc4da1a68
SSDEEP

98304:ZKYPuHbAMo2SB+NA69Tu9dQ7L2gNR9qFSTI:ZuMoSB+NAOTu9dQP9/9/

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-19_bb2609006530c823044bfa8c88a36899_black-basta_cobalt-strike_satacom.exe

Resource

win10v2004-20250314-en

quasar office04 spyware trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-19_bb2609006530c823044bfa8c88a36899_black-basta_cobalt-strike_satacom.exe

Resource

win11-20250410-en

quasar office04 spyware trojan

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

f80817f2-eab1-4d18-9eee-2f1cf2a4ab97

Attributes

encryption_key
84895DEABC045196F0C122A7F0DEB1F2D76E0532
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2025-04-19_bb2609006530c823044bfa8c88a36899_black-basta_cobalt-strike_satacom
- Size
  
  3.6MB
- MD5
  
  bb2609006530c823044bfa8c88a36899
- SHA1
  
  a3ee585e44fa7beeaf2720092088abdb31a8ba14
- SHA256
  
  ca836ea84ec237db743f78ddeef8884260cb873dc0f41d82dd03e3b3e8c154e2
- SHA512
  
  2fa44b55541426a636d20354999b9f8ba6e41851dd2018df2e2361e19173bf7bd28ea617e79ba80c8075f9e3da771cc5a383b2e9a16fc300447e546fc4da1a68
- SSDEEP
  
  98304:ZKYPuHbAMo2SB+NA69Tu9dQ7L2gNR9qFSTI:ZuMoSB+NAOTu9dQP9/9/
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy