General
-
Target
d7bda4ea100c3b9b58d9a9095628c064.exe
-
Size
72KB
-
Sample
211030-kl1xgsbdfk
-
MD5
d7bda4ea100c3b9b58d9a9095628c064
-
SHA1
70cb92dfc7e0dd76d7db1ee2877d87be8be8b638
-
SHA256
1aec33c9dc704ad71932eee6e128c9eb0908cab49d85f5a0f788484777a68a57
-
SHA512
56b0b05499881cd07aa9efb640d89b1debe2ac3e5378057b350f91d039056799859b53ad330e83af7f79d223bb234df2e1b32a40b3becc7c295049704606f424
Malware Config
Extracted
https://cdn.discordapp.com/attachments/612689775702573066/894910938065547284/Cert.reg
Extracted
https://cdn.discordapp.com/attachments/612689775702573066/894910945422368798/hivee.exe
Extracted
https://cdn.discordapp.com/attachments/612689775702573066/894910956184961054/BITBACKK.exe
Extracted
https://cdn.discordapp.com/attachments/612689775702573066/897976122757746728/dlscord.exe
Extracted
https://cdn.discordapp.com/attachments/612689775702573066/898608127153410129/PaladinsHackFIX.zip
Extracted
quasar
1.4.0
Anubisv2
yoworldservices.space:1338
48e1f30b-026f-45d4-b8f7-2bd40381b7db
-
encryption_key
0411D8B9B23547F86733347B0634010F112E158F
-
install_name
dlscord.exe
-
log_directory
dlscordLogs
-
reconnect_delay
3000
-
startup_key
dlscord
-
subdirectory
dlscord
Targets
-
-
Target
d7bda4ea100c3b9b58d9a9095628c064.exe
-
Size
72KB
-
MD5
d7bda4ea100c3b9b58d9a9095628c064
-
SHA1
70cb92dfc7e0dd76d7db1ee2877d87be8be8b638
-
SHA256
1aec33c9dc704ad71932eee6e128c9eb0908cab49d85f5a0f788484777a68a57
-
SHA512
56b0b05499881cd07aa9efb640d89b1debe2ac3e5378057b350f91d039056799859b53ad330e83af7f79d223bb234df2e1b32a40b3becc7c295049704606f424
Score10/10-
HiveRAT
HiveRAT is an improved version of FirebirdRAT with various capabilities.
-
Quasar Payload
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
HiveRAT Payload
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-