empyrean | 63b3839dc82c4080192b0181cc8296f1ff1841e2c820260d41544795d70415c5

Sharing

Copy URL

Twitter E-mail

General

Target

discord-image-logger-main.zip
Size

9.5MB
Sample

240626-x9xwyssemm
MD5

bda20f87c5066b9325c521ceb7a62865
SHA1

f8b8a96666cb268d2a482c78fe4b59c4c425d025
SHA256

63b3839dc82c4080192b0181cc8296f1ff1841e2c820260d41544795d70415c5
SHA512

3f952f51118d2d22709bec949af0f9dd55ba0d279acaf534bd4e8c6e07a53b2e149b0470e099db15841a12c6d8a7d5cf2a9989cf3f689228f9e974cc6bb2933b
SSDEEP

196608:hcJoTzcSydKCzyw9QoBIBPuk07PfGAySYEB3IMhYXvBj39gdmW34cJ:hcJwzcSRw9NWBP9+lySYecprumW34cJ

Score

10^/10

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Targets

- Target
  
  discord-image-logger-main.zip
- Size
  
  9.5MB
- MD5
  
  bda20f87c5066b9325c521ceb7a62865
- SHA1
  
  f8b8a96666cb268d2a482c78fe4b59c4c425d025
- SHA256
  
  63b3839dc82c4080192b0181cc8296f1ff1841e2c820260d41544795d70415c5
- SHA512
  
  3f952f51118d2d22709bec949af0f9dd55ba0d279acaf534bd4e8c6e07a53b2e149b0470e099db15841a12c6d8a7d5cf2a9989cf3f689228f9e974cc6bb2933b
- SSDEEP
  
  196608:hcJoTzcSydKCzyw9QoBIBPuk07PfGAySYEB3IMhYXvBj39gdmW34cJ:hcJwzcSRw9NWBP9+lySYecprumW34cJ
Score

1^/10
behavioral1
- Target
  
  discord-image-logger-main/.editorconfig
- Size
  
  158B
- MD5
  
  34972a6636960201f371fde437feeb61
- SHA1
  
  4c1cac0da96766a730ca654ac96b756489e7125b
- SHA256
  
  af6d40deee9e0a2bf5e5bd9e71f857dcdb5c81d5b453425da0616f202b4c679b
- SHA512
  
  952e3af7b03fa3f68e4cc18e77c3c7a7795c86a292fa1e0800dc2372e2111107324287f7d95fbae5e1d312d8809e1d84fcbbed9ed2ea1d96890b93f5775f3211
Score

3^/10
behavioral2
- Target
  
  discord-image-logger-main/.gitignore
- Size
  
  40B
- MD5
  
  99548129ede134f3b093f2632c31e3c6
- SHA1
  
  bf7104b3ab481e8a8ce6c53dfa4d7fb50b9787f6
- SHA256
  
  40e5ba57447ba9d64413af1e81eeeb1a58a6fa09c66d7f5d680842e2eaedccc7
- SHA512
  
  f1dff38d6ea7a9dc4fe1273a2379c535a6d6b5d209d185be6234690be1368b222ca1e1434ff7c34f08685cd38cabe0ce0918e7c43bef6550f7e0ce60384d74f2
Score

3^/10
behavioral3
- Target
  
  discord-image-logger-main/.vscode/settings.json
- Size
  
  53B
- MD5
  
  76a322b0ed73c31e6c0aa1babb1af1c5
- SHA1
  
  de4fcc00897666aee8f6ed2797dc83b870bfaa48
- SHA256
  
  d3c9cdfd35e43a33fec6a7ff05ac8aaa9bdbbc062fe3a79598781f408fee7308
- SHA512
  
  47e1c1270fd3f84d558b002bbf946a1cce3b3f13eb95216e3e052ff4090c59b149148f4e128aee40348db3fc528db923111e4d4afcf1baae5fd577d24a8b89eb
Score

3^/10
behavioral4
- Target
  
  discord-image-logger-main/CONTRIBUTING.md
- Size
  
  1KB
- MD5
  
  e0e6d0734274226c6fa4df1a423c65f1
- SHA1
  
  7c85b84c00fad6e92dd45d560532cb04101584d0
- SHA256
  
  4e8836498c51c5afb831b600289318102088a8418b60550af9c0763de85e2b3f
- SHA512
  
  eb9dd9fb4b089a0665378a49172b013613ec7db3eea9c2f5ea0832579194cc405f2432e307ffb4edf6f7f0bd46e5962044161deb7bba994d35bd882bb7860dd6
Score

3^/10
behavioral5
- Target
  
  discord-image-logger-main/LICENSE.md
- Size
  
  1KB
- MD5
  
  258fbe6a6a66d92f8aef944eeaa547df
- SHA1
  
  a57aa2dace7a2e9e4f997a11cd5cde2a51284218
- SHA256
  
  1e5a9cd584cf92ffdc1b1143804fce7104ad5c5eb71f0bbb1d58452286a1e1a4
- SHA512
  
  a491cd4295e1d1209b2babd1da276233df4718f490f0d99f8e4a2ae6c5c7ef0db707e47bfb997a72d7872cfcc54cb9407998444401bdecabef8127b9caf92f88
Score

3^/10
behavioral6
- Target
  
  discord-image-logger-main/README.md
- Size
  
  3KB
- MD5
  
  d0fb36aa0620a552ad251600639b0e3d
- SHA1
  
  feed8b44b3feb8ac3dafa4ead86f57cb4a2130f2
- SHA256
  
  19732c2c0a1f93ef583efaa98c3a22916914142e82f36afa19356ecd3b2ddbb8
- SHA512
  
  ee9036644b745ab21807a7376a2962c7da538754aa17dd055312994b220e38e6f1d8b4c7e86ffde93dc64cad531a049fd549bbba5879eb6c5fa2862893b53f9c
Score

3^/10
behavioral7
- Target
  
  discord-image-logger-main/builder.bat
- Size
  
  14.9MB
- MD5
  
  70a53c5ec35eefae927a0c413a89937a
- SHA1
  
  1bc9a22903968bfc05b87c1082a5c4242802d4dd
- SHA256
  
  a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d
- SHA512
  
  c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae
- SSDEEP
  
  49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S
Score

10^/10

quasar bootkit defense_evasion persistence spyware trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral8
- Target
  
  discord-image-logger-main/img/banner.png
- Size
  
  56KB
- MD5
  
  05bc1a72bba6d3a1e947889816bc5af9
- SHA1
  
  5e79b6679d3879c712f6ffdd71c2765ac35657cc
- SHA256
  
  3aeb09bf487d96bd5f273c66ba5eff9f38aab0caa91fd7d5b9c72e624ba8e45a
- SHA512
  
  4bd44d6b3fd386c053cc3df48d9753224c66211c09a748c82760e53440084abf59d64a588e2606cff38dd6d722777f54fdd0329a34c5145b5304903da4560edc
- SSDEEP
  
  1536:d4N6eeJvm56/WWvRUj6xXvqU9tw7o6666666666666666m:d4NXeJjtRUWRJ9tw866666666666666E
Score

3^/10
behavioral9
- Target
  
  discord-image-logger-main/img/bu0.png
- Size
  
  43KB
- MD5
  
  a88c941f498dbf0d05022cff06719cda
- SHA1
  
  07bb675b8f1828134de837fe1ef457b4a8a89e3e
- SHA256
  
  5f2f94e2206fd6516cde8b3068b31a248d2080a094cd1406a60efb70a7ece42c
- SHA512
  
  b07a06539e5bb58aefc0518cadf856a54a10607d2d5e810cb2b87f6e9722fffacbac06e31b249f2f4c34de22f0e6bd21000e6e9f2d79ccfbcec4214bb181ca71
- SSDEEP
  
  768:RvYHt/p2E9rfhNwMaDTYgPSQXe8htfjDTXwoOD33gbzueCR4akozWV:mH9rrbiqQXJj+D3wbzS6akt
Score

3^/10
behavioral10
- Target
  
  discord-image-logger-main/img/em0.png
- Size
  
  48KB
- MD5
  
  0f1bedcd0ae85f68fdb3e2d041bcea8a
- SHA1
  
  553c7c1a933301790189bad120e4dd6f393ba768
- SHA256
  
  4783a629fbbcc597aaea88afa8147aa285ee9273b1282e350753cf0cdc9a2ba3
- SHA512
  
  85d3cda472591aa14669ba404837d0d7fa03e5b1e8ae877cf69eb4d903fba536528a058410e6d83aa1d32c461a57012b929092bada729ef820b2e4767d6fbde5
- SSDEEP
  
  1536:VgssDNxJeaSA2U+WfPxLLzQbOl1biCVGWj:Ss4Nx5Sq+WRkbA1bikGWj
Score

3^/10
behavioral11
- Target
  
  discord-image-logger-main/img/em1.png
- Size
  
  73KB
- MD5
  
  d558a83af8c6913f87cb82cdb5c2ea0d
- SHA1
  
  e6d0e4f617273f902ca0a7398153519375816dd4
- SHA256
  
  f3bc44f23f86648c8a2c686a88d70f65f403945cf40a679439abb4b0ec5500e9
- SHA512
  
  c0cf2c07e6a479b61b8fb33884dca271c19ce8ceec5114df51074cf4a16179bbb86be9024ab29e7381d94a84f646ae1e168ff9c76dead9f0124f3bc45603e55f
- SSDEEP
  
  1536:MIE9qnfrfc2F52Ii1tBk/vCxVzpSIUhTHXSXg5t4Jh2Rg9w:MIQqg2F0HKCGnhTHXSMtehEg9w
Score

3^/10
behavioral12
- Target
  
  discord-image-logger-main/img/em2.png
- Size
  
  99KB
- MD5
  
  044128768f6dd149fee0dd0c9907bb45
- SHA1
  
  d5cdd34603c4484634de0579900d407fe8227dca
- SHA256
  
  66299c0c3bd727b4a291449fd62e822fe72e61efc9ab9e187dd90805c664df58
- SHA512
  
  909f4aa394df8603bc9284b28b540e8ef3c8d20b0f149a81f32a47cfde6be10686beb24e4df768fc3a366616b2b53b781e4d7dfe4fee65b70a2213fddd731cf8
- SSDEEP
  
  1536:E3xhsHb9YbG6c+x0Nev04zCzq7sg4qlGyPJaFWx4REQdRm6dQAQbNwWi7Wn18NZ9:E3QHbQNF01qDl7PQRxR+O7WnqNZ/ICl
Score

3^/10
behavioral13
- Target
  
  discord-image-logger-main/img/em3.png
- Size
  
  54KB
- MD5
  
  8350a5245117e54b3ba123e1e3140756
- SHA1
  
  32dc8fdde2cc059c039262c28427ee61e8e5fd43
- SHA256
  
  bd1cf11afe2160405a36e2e7d4c4f2dafce9efe5ccb4dc96a7aadce6d6e5be80
- SHA512
  
  44c82ce5df65cc84f78ce6eff8bbfd05431fa6be34dab2e8342d12bf554c8b4717c2a6f0d6aa71bfbae8ae587bf91361e2e07373f54f9760062c7535045c811e
- SSDEEP
  
  768:do43ADEpUreId9rmOa45hB6wMimFxP19D6QnE049zIEn8Mval3jChiRlQ66x4m:uopUbfrmk5hZMisxPjmQnE0eBJazQ5N
Score

3^/10
behavioral14
- Target
  
  discord-image-logger-main/img/footer.png
- Size
  
  39KB
- MD5
  
  a7d50223d0dedc64c4722572beeddc1a
- SHA1
  
  d5826940d2afeac8da8deeec303d1418f8b9dd0e
- SHA256
  
  372a5a48bc48ec8589372acfb90f930418b460577958d3af2a2912ecfaeaf405
- SHA512
  
  e4b48e9474b593c00a8881040c1fbbe5609e982ceb7e8063b5bf021637c6b63a9f7c73ea0e97ee365dfaac76afa96e20cdd8b198c3bf966bdb47db97331df564
- SSDEEP
  
  768:mNJXmelU5mHSSHDtC/xgzzlQ/4F8PPgKFcFKth0O0/PXVJz6:delUo7j4Jpc8hMAh0O0HX7O
Score

3^/10
behavioral15
- Target
  
  discord-image-logger-main/src/components/antidebug.py
- Size
  
  11KB
- MD5
  
  26435fe69fcfe6322679c9df730cd0b0
- SHA1
  
  95a305df9fae655cc4b34eb0d5cad8848a4c9100
- SHA256
  
  101b5276bcaae253319cfc1f0f6b6a1688d9286c7852f8e12d00c698b2ae117c
- SHA512
  
  26e7750c235cfc734d86502f85f1620c4698bde6e377a2264bddd3017bb8891110e49ead665b59330666d2dd4686c8e657fb080554905dbb9976c8846781c963
- SSDEEP
  
  192:0PRZOKV83Gsn8ZBwh9JYmypzrKU8zrPsR0TtsBWaOJjd5vpV5M7/V/c:0ZTd+nJYJzrn+rgeeWaOJjd5vpVC6
Score

3^/10
behavioral16
- Target
  
  discord-image-logger-main/src/components/browsers.py
- Size
  
  16KB
- MD5
  
  1fa5ec2594e7dc5ba902baa17c26c396
- SHA1
  
  9cc476e8f5068edde04fb74b8d553b9920bb7e22
- SHA256
  
  fcc7ce278bc39a6f36772e45ca5a9c52bc1457bbcb451587c8812fe090fe0e37
- SHA512
  
  57ff299400b36ad38fb04728c6416c3b45decc88f6258a5df66bf6bd388575c7ccee5837e0903f44bfb90ff319a9bf6cee046ea316a8f50f365e9418e888b922
- SSDEEP
  
  384:ljE+Bs45wvwmzwCN903g6YeNlO3+B73Rk:BE+SYrCN903g6PNlO3+B7K
Score

3^/10
behavioral17
- Target
  
  discord-image-logger-main/src/components/discordtoken.py
- Size
  
  17KB
- MD5
  
  c3d9cbff92171f3004bb29fc5c8e0d49
- SHA1
  
  972e9a36b103a7c41a26d7f1817ffeeff8dbfb3c
- SHA256
  
  18df4cedcec576281fa110f1597b8c300a6d8915fb34a05616b92ce00a1108ce
- SHA512
  
  3ba2c6a271cec1b7988f39aa43358bb2fdcf7581dfbbca55adc568595995a1388b53a73279833fac747775304d6d58a98b02830082d164ead89cb1a23e3e7de2
- SSDEEP
  
  384:ig9WPIDbhMUN7Qr4cq4cn6vPuk6ii34zSJPuE8q7rqLFBISJ:4Iz7C4F4o6XuVii34zSr8cr8vpJ
Score

3^/10
behavioral18
- Target
  
  discord-image-logger-main/src/components/injection.py
- Size
  
  2KB
- MD5
  
  1bfaa460966bb67499e24c44e2ae4f3f
- SHA1
  
  d79d21cd4518324d0c59fa6e183bc91df1c08433
- SHA256
  
  a9d1ad9132081e78a68e9bc71d315b74b4005f67e2667dc933db2be79e297e6c
- SHA512
  
  6e1fe9f8a5359abb7409f5b6177908968d5714dabb6e647b7a63c88ae02f06d7c16acb13895d896688ca4558ee64f2f80f2b02ec37879bd5b4b4bd7b5c66221f
Score

3^/10
behavioral19
- Target
  
  discord-image-logger-main/src/components/startup.py
- Size
  
  1KB
- MD5
  
  d17d405ca05de43451c90ed876382851
- SHA1
  
  5d79d59b7c7d84da78b16c3b11ccc329a85974c6
- SHA256
  
  e93db849ec64a2c100f7d07bb1267edb96177b4097573796213fe19623b85e57
- SHA512
  
  7e2f8325cae28528d84fe1967ded6375d8b581d99a93d5b2dbae8f7a7af03c60cadacd21bd0d29771ccb0dc438e5aac30321f251db44124ab841f267a0ff887b
Score

3^/10
behavioral20
- Target
  
  discord-image-logger-main/src/components/systeminfo.py
- Size
  
  6KB
- MD5
  
  2737cd3bd851c13c1c5c651e045e75d7
- SHA1
  
  828797243a9051d1461abebb90e162bd192f2c8a
- SHA256
  
  6689a267860ff5972229c33934af6356b4828b05ae214d2024f62bd113916a4a
- SHA512
  
  01d7b0e9c77585e08516c2443797f77c45db861a23f38fccad80036fe3f3ba270add2946317ef5405c608c2f8628910cf38c511cc8d7e94987730e3fe8f71e10
- SSDEEP
  
  96:o62a5Q8kjqXmBHyCOMLdpvlGa4sVV2iHxhwqf+zadcTP9eTnSIf:PQRy4Tka/T2UIzaaL9erj
Score

3^/10
behavioral21
- Target
  
  discord-image-logger-main/src/config.py
- Size
  
  197B
- MD5
  
  f9db0f9a37e5d0b737dd22c3a0473d6d
- SHA1
  
  21b489d27337761e2dd5d6c50f4114ad73777800
- SHA256
  
  dc3606aa2b6342da0fe23a0a5859cf2f2be3d4bc0ec49f0dd4c79201db68c541
- SHA512
  
  12b32a522d848c76b984182f9827d22aea2e7c282b0f03db7b5d78e121157de6b67ee0e6031a44067c59efa146f1d5515514f9e27232778a56720582b7ec7d1d
Score

3^/10
behavioral22
- Target
  
  discord-image-logger-main/src/main.py
- Size
  
  848B
- MD5
  
  c7e2a6f36eead941802e707eb246da84
- SHA1
  
  4406272e8c7a9b8cb5684373c43f3368b2cb44dd
- SHA256
  
  eff558ffa171814712d1605c72fe8eba833f1682ef7efc8285dcf5303f4c5f41
- SHA512
  
  a6191c28c66c9c33d7bf070b36b5cb6ace45e06593cf4368cfd60e10a28bc846100be7efa025e1e12f5b4c3e0217ae5ec185142d1a4ea5db7aa1a5d585afdbeb
Score

3^/10
behavioral23

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Sets service image path in registry

Checks BIOS information in registry

Checks computer location settings

Deletes itself

Executes dropped EXE

Enumerates connected drives

Hide Artifacts: Hidden Window

Writes to the Master Boot Record (MBR)

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23