quasar | f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c | Triage

Sharing

General

Target

f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c
Size

535KB
Sample

210927-wycafahgb3
MD5

3f9a8ee266de6359f15b00036d5f68de
SHA1

a4da83900d535107af9d3002da17304e90f82d98
SHA256

f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c
SHA512

1e701f93913d71486c547b93f7df649a041764d8064075d6e96633126eb91d9f91800ceaf0a7bf2ba2c9709713abe4793cb1c01e15cad4f664c0d64af7396843

Score

10^/10

quasar venomrat target persistence rat rootkit stealer

Malware Config

Extracted

Family

quasar

Version

2.1.0.0

Botnet

Target

C2

127.0.0.1:4782

5.61.58.196:4782

Mutex

VNM_MUTEX_crPIzCvcj61Y0AONus

Attributes

encryption_key
ipvN2WXJtCaOW5xaZeEo
install_name
Defender.exe
log_directory
Logs
reconnect_delay
3000
startup_key
DefenderCheckUpdate
subdirectory
SubDir

Targets

- Target
  
  f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c
- Size
  
  535KB
- MD5
  
  3f9a8ee266de6359f15b00036d5f68de
- SHA1
  
  a4da83900d535107af9d3002da17304e90f82d98
- SHA256
  
  f5f3e9b43eec8bff47679ea02aec02edb979051e5fe21cc0f2bf6c919d10c49c
- SHA512
  
  1e701f93913d71486c547b93f7df649a041764d8064075d6e96633126eb91d9f91800ceaf0a7bf2ba2c9709713abe4793cb1c01e15cad4f664c0d64af7396843
Score

10^/10

venomrat persistence rat rootkit stealer
- VenomRAT
  VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
  rat rootkit stealer venomrat
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

venomratpersistenceratrootkitstealer

behavioral2

venomratratrootkitstealer