Overview

overview

10

Static

static

10

TPM tools.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TPM tools.exe

  • Size

    3.1MB

  • Sample

    250420-p1cknaypt5

  • MD5

    96b2bd92ca8b0905d6808651598b9ba2

  • SHA1

    6829193429761255b2c56b25b0a25dc641310b11

  • SHA256

    101e3d6e8d2128e72df1070b04033c2ffed72f0464dd3f6e7575f7ad966e0aa6

  • SHA512

    7fdc86267110bab8ff592b48735cc7452266fa9b9fcc380e0993c34f8435b03773cd7ee548a7d4461770691bd5135d6713a60bb2278c4c55ec085718d7b7a291

  • SSDEEP

    49152:Kvht62XlaSFNWPjljiFa2RoUYI7CU1JkLoGdUTHHB72eh2NT:KvL62XlaSFNWPjljiFXRoUYI7CF

Score
10/10
quasaroffice04spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

192.168.1.117:4782

Mutex

a7074e5e-ed13-4240-b2bd-3139cf111cf4

Attributes
  • encryption_key

    B1A93851F2B7AB11E1C412D6A94DD30CC9FC53BD

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    java update

  • subdirectory

    SubDir

Targets

    • Target

      TPM tools.exe

    • Size

      3.1MB

    • MD5

      96b2bd92ca8b0905d6808651598b9ba2

    • SHA1

      6829193429761255b2c56b25b0a25dc641310b11

    • SHA256

      101e3d6e8d2128e72df1070b04033c2ffed72f0464dd3f6e7575f7ad966e0aa6

    • SHA512

      7fdc86267110bab8ff592b48735cc7452266fa9b9fcc380e0993c34f8435b03773cd7ee548a7d4461770691bd5135d6713a60bb2278c4c55ec085718d7b7a291

    • SSDEEP

      49152:Kvht62XlaSFNWPjljiFa2RoUYI7CU1JkLoGdUTHHB72eh2NT:KvL62XlaSFNWPjljiFXRoUYI7CF

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v16

Tasks