General
-
Target
d955412496d757de71c2704bdadc39245af8cda5f1ba864dedc7cf528dd0c6b3
-
Size
535KB
-
Sample
210302-f277hre3d2
-
MD5
4522c3ecca6abca8109b4e7186d5288e
-
SHA1
96593ecfc2f5309ea7dc9eccc8aabe2d65732643
-
SHA256
d955412496d757de71c2704bdadc39245af8cda5f1ba864dedc7cf528dd0c6b3
-
SHA512
8a9a54cf2ffede5f1f510689964374bf420e4932563251fd5f88e8c166fe9de4ece9c624cd99df75762d929bcfe691178e0686ea0871e394023e3e77f8972676
Malware Config
Targets
-
-
Target
d955412496d757de71c2704bdadc39245af8cda5f1ba864dedc7cf528dd0c6b3
-
Size
535KB
-
MD5
4522c3ecca6abca8109b4e7186d5288e
-
SHA1
96593ecfc2f5309ea7dc9eccc8aabe2d65732643
-
SHA256
d955412496d757de71c2704bdadc39245af8cda5f1ba864dedc7cf528dd0c6b3
-
SHA512
8a9a54cf2ffede5f1f510689964374bf420e4932563251fd5f88e8c166fe9de4ece9c624cd99df75762d929bcfe691178e0686ea0871e394023e3e77f8972676
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
VenomRAT
VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-