Overview

overview

10

Static

static

10

circinfo (1).exe

windows10-1703-x64

10

circinfo (1).exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    24s
  • max time network
    19s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30-06-2024 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    circinfo (1).exe

  • Size

    3.1MB

  • MD5

    2763babfb8b326e2d65a72df26addb5a

  • SHA1

    a1149202d460f732f18b54169623fd58ba2fc43e

  • SHA256

    070e3261185784ceb8344c68850dab238d23dfe9935667e28ccc329a21105dfb

  • SHA512

    3304f94d612bc71ac592f22be081b861aa7339e979cbf700391f9687d452b4ddfb79de03f78dc280fe7d60cb960457be45da5bc62d5c48405d0450907c3eeb49

  • SSDEEP

    49152:vvRG42pda6D+/PjlLOlg6yQipVNxQEC3pk/JxyoGdgfUTHHB72eh2NT:vvg42pda6D+/PjlLOlZyQipVNxpY

Score
10/10
quasarmotherfuckerspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

MotherFucker

C2

registration-suspected.gl.at.ply.gg:60152

127.0.0.1:240
Mutex

7e923a0e-cb03-48fc-87a3-d5d222b55fa8

Attributes
  • encryption_key

    43F51C3DD1637A1DF460F58619C015C31CCF137E

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\circinfo (1).exe
    "C:\Users\Admin\AppData\Local\Temp\circinfo (1).exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2804-0-0x00007FF8C32C3000-0x00007FF8C32C4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2804-1-0x0000000000990000-0x0000000000CB4000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/2804-2-0x00007FF8C32C0000-0x00007FF8C3CAC000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/2804-3-0x000000001B8F0000-0x000000001B940000-memory.dmp
    Filesize

    320KB

    Download
  • memory/2804-4-0x000000001BD10000-0x000000001BDC2000-memory.dmp
    Filesize

    712KB

    Download
  • memory/2804-7-0x000000001BC50000-0x000000001BC62000-memory.dmp
    Filesize

    72KB

    Download
  • memory/2804-8-0x000000001BCB0000-0x000000001BCEE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2804-9-0x00007FF8C32C3000-0x00007FF8C32C4000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2804-10-0x00007FF8C32C0000-0x00007FF8C3CAC000-memory.dmp
    Filesize

    9.9MB

    Download