General
-
Target
Advanced SystemCare Pro v15.0.1.125 + Fix\Setup\Setup.exe
-
Size
53.8MB
-
Sample
211202-clzenadcc5
-
MD5
52c09800f066fe865aeafe3bb25ba350
-
SHA1
a5ef95fa24aacb995dd375025df9f953c8c9653f
-
SHA256
ee9bd71a7e6fa22e250a7372039d0779966029a7e0b8ff103c9bb34314f98590
-
SHA512
79167a1b7da3964e4fb21035d1fd22f37512510b4fd23e69f8ef6d2f0602b7c343d37758ed88e1781eb1d549c175865abb637cc4990be3e8f8657da9b5aa399c
Static task
static1
Behavioral task
behavioral1
Sample
Advanced SystemCare Pro v15.0.1.125 + Fix\Setup\Setup.exe
Resource
win7-en-20211104
Malware Config
Targets
-
-
Target
Advanced SystemCare Pro v15.0.1.125 + Fix\Setup\Setup.exe
-
Size
53.8MB
-
MD5
52c09800f066fe865aeafe3bb25ba350
-
SHA1
a5ef95fa24aacb995dd375025df9f953c8c9653f
-
SHA256
ee9bd71a7e6fa22e250a7372039d0779966029a7e0b8ff103c9bb34314f98590
-
SHA512
79167a1b7da3964e4fb21035d1fd22f37512510b4fd23e69f8ef6d2f0602b7c343d37758ed88e1781eb1d549c175865abb637cc4990be3e8f8657da9b5aa399c
-
Quasar Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-