General

  • Target

    3ab2e15255e0fa57aecb0571a657dc175a22a42177d09edd4440bd87bcf40a0e

  • Size

    135KB

  • Sample

    240706-bsh6ksthjd

  • MD5

    98447d515c145376ed8ad08e2f87f475

  • SHA1

    d28f575109ae41d1009f18d8c064de7c8bc814a4

  • SHA256

    3ab2e15255e0fa57aecb0571a657dc175a22a42177d09edd4440bd87bcf40a0e

  • SHA512

    4da9577717a335dc46bd35bcc27b005c0eef30a67722763f5952a00c1bb147503f2706567e0de056703a735756defb52d30be7a5a7cf98d8bfa8cefa112d4a0e

  • SSDEEP

    3072:Q2YinshBEali5qCmS86e/06TdDQI1X657KlSmVkn5XXP:Q2YRaaZzS8v06Th657KPkn1XP

Malware Config

Targets

    • Target

      e4fcf1f6b71043e7c7c32f6954a0a1972696fa1bb9b6543ead14e85626890a11.exe

    • Size

      294KB

    • MD5

      04c30859516960ad61fcda864c16ea84

    • SHA1

      c5893f23d34826eb061cbff517843793f13b0e6a

    • SHA256

      e4fcf1f6b71043e7c7c32f6954a0a1972696fa1bb9b6543ead14e85626890a11

    • SHA512

      ef58cd9756f6d89b9752a6a233e388bfca9d1cb707af641ef95f04181b142e260c4c5c8e034270de35cd88cf569d81cebbcdc5af3749840436d006859cc6230c

    • SSDEEP

      3072:7o7lYJHuSHgB24g54PzOOqJYGk6/uGDB0C6Z3pMJCv5Aa5OZw1Rvbq/ZU1os8rG1:U7lRw4vB890C6ZwLORvbq/uv8M

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT) for Windows.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
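The four behaviours above are what a sandbox derives from the sample's API trace. The following is an added, editor-written example (not Triage's own detection logic and not code from the Quasar project) that re-derives those signatures from a constructed sandbox-style trace and maps them to the ATT&CK IDs listed in this report. Assumptions are labelled in comments: the `Geo\Nation` registry value is assumed to be what the "location settings" signature keys on (the report does not name the key), the IP-lookup host list and the signature-to-technique mapping are the editor's, and every path, PID and registry value in `SAMPLE_TRACE` is invented.

```python
"""Added example: re-derive the behaviour signatures in this report from a
sandbox-style API trace. Editor-written illustration; not the sandbox's or
Quasar's code. The trace below is constructed, not taken from the sample."""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

# Registry anchors. Run/RunOnce are the T1547.001 autostart keys. Geo\Nation is
# the value .NET's RegionInfo reads for the configured country; ASSUMPTION: the
# report does not say which key its "location settings" signature matched.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)

# Constructed list of legitimate "what is my IP" services (editor's choice).
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "icanhazip.com", "ipinfo.io", "checkip.dyndns.org"}

# Editor's mapping of each signature to the ATT&CK IDs this report lists.
TECHNIQUES = {
    "Adds Run key to start application": ["T1547.001", "T1112"],
    "Checks computer location settings": ["T1012", "T1082"],
    "Looks up external IP address via web service": ["T1082"],
    "Executes dropped EXE": [],  # no technique listed for it in the report
}


@dataclass(frozen=True)
class ApiCall:
    pid: int
    api: str
    args: Dict[str, str]


def triage(trace: List[ApiCall]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for every behaviour seen in the trace."""
    hits: Dict[str, List[str]] = {}
    dropped = set()  # lower-cased paths written during the trace

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for call in trace:
        a = call.args
        if call.api == "WriteFile":
            dropped.add(a["path"].lower())
        elif call.api == "CreateProcessW":
            # "dropped" means written earlier in this same trace
            if a["path"].lower() in dropped:
                hit("Executes dropped EXE", f"pid {call.pid} started {a['path']}")
        elif call.api == "RegSetValueExW":
            if RUN_KEY_RE.search(a["key"]):
                hit("Adds Run key to start application", f"{a['key']}\\{a['value']} = {a['data']}")
        elif call.api == "RegQueryValueExW":
            if GEO_KEY_RE.search(a["key"]) and a["value"].lower() == "nation":
                hit("Checks computer location settings", f"pid {call.pid} read {a['key']}\\{a['value']}")
        elif call.api in ("InternetOpenUrlW", "WinHttpOpenRequest"):
            host = (urlparse(a["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hit("Looks up external IP address via web service", f"pid {call.pid} requested {a['url']}")
    return hits


def attack_ids(hits: Dict[str, List[str]]) -> List[str]:
    """Distinct ATT&CK technique IDs implied by the fired signatures, sorted."""
    return sorted({t for name in hits for t in TECHNIQUES.get(name, [])})


# Constructed trace: two PIDs, a dropper that writes and starts a second binary,
# which then persists, geolocates and looks up its public IP.
SAMPLE_TRACE = [
    ApiCall(1000, "RegQueryValueExW", {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ApiCall(1000, "WriteFile", {"path": r"C:\Users\user\AppData\Roaming\Updater\client.exe"}),
    ApiCall(1000, "CreateProcessW", {"path": r"C:\Users\user\AppData\Roaming\Updater\client.exe"}),
    ApiCall(1040, "RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                                     "value": "Updater",
                                     "data": r"C:\Users\user\AppData\Roaming\Updater\client.exe"}),
    ApiCall(1040, "InternetOpenUrlW", {"url": "http://ip-api.com/json/"}),
    ApiCall(1040, "CreateProcessW", {"path": r"C:\Windows\System32\cmd.exe"}),  # not dropped: no hit
    ApiCall(1040, "RegQueryValueExW", {"key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
                                       "value": "ProductName"}),  # ordinary query: no hit
]

if __name__ == "__main__":
    found = triage(SAMPLE_TRACE)
    for name, evidence in found.items():
        print(f"[{name}] {', '.join(TECHNIQUES.get(name, [])) or 'n/a'}")
        for line in evidence:
            print("   ", line)
    print("ATT&CK:", ", ".join(attack_ids(found)))
```

The dropped-EXE rule is the one worth noting: it is stateful (a process start only counts when the trace already contains a write to that path), which is why a plain per-event rule misses it and why sandbox signatures of this kind are written over the whole trace rather than per call.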

MITRE ATT&CK Matrix (ATT&CK v13)

Numbers are the count of triggered signatures mapped to each technique.

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

Tasks