General
-
Target
23210003a18c718c32fdd5de4d4ac93ed751458b7971c824f1aad0620b05bff7
-
Size
534KB
-
Sample
201110-jyxys275v2
-
MD5
f811e2467c4093bffa92ec60e7157500
-
SHA1
2d9c29b8d7156619d144e14ffc2a1ab12424b883
-
SHA256
23210003a18c718c32fdd5de4d4ac93ed751458b7971c824f1aad0620b05bff7
-
SHA512
f32962a0f05e2918472a74632515596e2152e5e7fd2300c0238aeec73ca03fc2b35301ed9ef3f0a3e42e978c08d562dcd113ddb4ed9b86762f40cd3a59349f5d
Malware Config
Targets
-
-
Target
23210003a18c718c32fdd5de4d4ac93ed751458b7971c824f1aad0620b05bff7
-
Size
534KB
-
MD5
f811e2467c4093bffa92ec60e7157500
-
SHA1
2d9c29b8d7156619d144e14ffc2a1ab12424b883
-
SHA256
23210003a18c718c32fdd5de4d4ac93ed751458b7971c824f1aad0620b05bff7
-
SHA512
f32962a0f05e2918472a74632515596e2152e5e7fd2300c0238aeec73ca03fc2b35301ed9ef3f0a3e42e978c08d562dcd113ddb4ed9b86762f40cd3a59349f5d
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
VenomRAT
VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-