General
- Target: Wondershare Filmora X v10.1.20.15 (x64) Multilingual Portable\Wondershare Filmora X.exe
- Size: 271.0MB
- Sample: 211205-jl7jlacbdk
- MD5: a460b6395dd176f992f5688661439e59
- SHA1: 548ac291d695b6d95653a4e693bd50ff2be8b520
- SHA256: 0c6db99feb8a07663bd79281076a90df80c3d46e010bfdd6fae3107c15e41d64
- SHA512: a841b0d84ec8de4f469faf937f1179e806912f043b53c4812efa9198552932fe7cd46670873e2f72aeb3ba066fa624712f7855c2d808a08392b9aafeb7eb1354
Static task: static1
Behavioral task: behavioral1
- Sample: Wondershare Filmora X v10.1.20.15 (x64) Multilingual Portable\Wondershare Filmora X.exe
- Resource: win7-en-20211014
Malware Config
Extracted
- quasar
- 1.4.0
- MBOYO
- 4Mekey.myftp.biz:4782
- 50c0cc9d-df81-47e4-b3ed-27ffef03eebc
- encryption_key: DAE9E02E5E04D59D9AF2AA1D5E82248D5919AC6A
- install_name: Windows Update.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Microsoft Windows
- subdirectory: System32
Targets
- Target: Wondershare Filmora X v10.1.20.15 (x64) Multilingual Portable\Wondershare Filmora X.exe (size and hashes as listed under General)
- MassLogger: Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
- Quasar Payload
- Vidar log file: Detects a log file produced by Vidar.
- suricata: ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext