General

  • Target

    03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22

  • Size

    600KB

  • Sample

    201109-8mzsgaf3ba

  • MD5

    7f0f4bc194ecd75ce12204b3c3cce0da

  • SHA1

    0fda5be5b3a59332efd5ce2d902a2cbef5576b51

  • SHA256

    03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22

  • SHA512

    cb1cb30ec78ab43a6eae67ea9a835d8286b92ba01ad42f393e216f7bc4e8756d99675437498723f9bca0bf2e7b81f9ff27960f1265fad0801c821596b4a27473

Malware Config

Targets

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Remote System Discovery (T1018): 1

Tasks