Overview

overview

1

Static

static

quaesarRAT.exe

windows7_x64

1

quaesarRAT.exe

windows10_x64

1

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    14-01-2021 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    quaesarRAT.exe

  • Size

    502KB

  • MD5

    b8113d9a01863bb71f9fa703dc2c097a

  • SHA1

    a0de48ad316d3e75cf953119156ba54acfbfcfdb

  • SHA256

    30d0dbca371f2ff26ef49bdd905f429563cfd1e3cf1309bc794ed8a5b8a55a11

  • SHA512

    f6c1a7093a10854a7b59fd466d8ceaf6e77fb3e8ebf741937994d2b3c8bd3bbf4bdd2ec8d58abc9bc41cd94762731126061f2b8ab4eeae52eef3bfe747608b70

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\quaesarRAT.exe
    "C:\Users\Admin\AppData\Local\Temp\quaesarRAT.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/596-2-0x000007FEF5620000-0x000007FEF600C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/596-3-0x00000000010A0000-0x00000000010A1000-memory.dmp

    Filesize

    4KB

    Download