quasar | 772d48ac3ed6e1bd6094d3a31678caa0f3de77f2fb64ac4f52659683c6c6dddc | Triage

Submit
Reports

Overview

overview

Static

static

3

2025-04-19...om.exe

windows10-2004-x64

2025-04-19...om.exe

windows11-21h2-x64

Sharing

General

Target

2025-04-19_05ddb104906f6ea114b687fffece5b95_black-basta_cobalt-strike_satacom
Size

1.7MB
Sample

250419-t3xqts1tbv
MD5

05ddb104906f6ea114b687fffece5b95
SHA1

250f2dd9f6a3b5660c1cd72fc3747f238b2f8625
SHA256

772d48ac3ed6e1bd6094d3a31678caa0f3de77f2fb64ac4f52659683c6c6dddc
SHA512

3e3014ef6c9da9f0fcb4b3014a76d70fe7272bf0a1633557f84367ceb745eefe7936e02d15c8f170dab3b9efd032eaa05d3fb31da0302d2b0f40cc974411f611
SSDEEP

49152:lQfiZ7qCLpHLuxk7XKL7lMQ3uIf4g0eGh3i:lT3qqjKL7ln3uIf4gqc

Score

10^/10

quasar office04 spyware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-04-19_05ddb104906f6ea114b687fffece5b95_black-basta_cobalt-strike_satacom.exe

Resource

win10v2004-20250410-en

quasar office04 spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-04-19_05ddb104906f6ea114b687fffece5b95_black-basta_cobalt-strike_satacom.exe

Resource

win11-20250410-en

quasar office04 spyware trojan

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.110.238:4782

Mutex

fe3c09da-272f-47ae-bbc2-f769a61800a8

Attributes

encryption_key
D8E1C53E54B16A3F7E334DC084C4452B36785B7D
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Targets

- Target
  
  2025-04-19_05ddb104906f6ea114b687fffece5b95_black-basta_cobalt-strike_satacom
- Size
  
  1.7MB
- MD5
  
  05ddb104906f6ea114b687fffece5b95
- SHA1
  
  250f2dd9f6a3b5660c1cd72fc3747f238b2f8625
- SHA256
  
  772d48ac3ed6e1bd6094d3a31678caa0f3de77f2fb64ac4f52659683c6c6dddc
- SHA512
  
  3e3014ef6c9da9f0fcb4b3014a76d70fe7272bf0a1633557f84367ceb745eefe7936e02d15c8f170dab3b9efd032eaa05d3fb31da0302d2b0f40cc974411f611
- SSDEEP
  
  49152:lQfiZ7qCLpHLuxk7XKL7lMQ3uIf4g0eGh3i:lT3qqjKL7ln3uIf4gqc
Score

10^/10

quasar office04 spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasaroffice04spywaretrojan

behavioral2

quasaroffice04spywaretrojan

© 2018-2025

Terms | Privacy