quasar | fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f
Size

535KB
Sample

220101-v8chhshha9
MD5

8ec725efd4c12cb8c7e44f964a343ab8
SHA1

8c5bf29556afd3fe1d4dc6424c422903b9d03073
SHA256

fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f
SHA512

4c2be251a75c1f274af141ef153efe76a15cd42b631a0041bcbc351a717ca8b0a8f92d7010261ec019185527e0785d777ca1f6d80bba3fbbcf61fc1d6d41357a

Score

10^/10

quasar venomrat hacked evasion rat rootkit spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f.exe

Resource

win10-en-20211208

quasar venomrat hacked evasion rat rootkit spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

quasar

Version

2.1.0.0

Botnet

Hacked

C2

AUTHGG-37696.portmap.host:37696

Mutex

VNM_MUTEX_wX978IqIpFgn6uoBO6

Attributes

encryption_key
39b1ysbZHxi3Lh3NMkbU
install_name
Host Process for Windows Tasks.exe
log_directory
Microsoft
reconnect_delay
1000
startup_key
Host Process for Setting Synchronization
subdirectory
MIcrosoft

Extracted

Family

quasar

Mutex

Attributes

encryption_key
install_name
log_directory
reconnect_delay
1000
startup_key
subdirectory

Targets

- Target
  
  fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f
- Size
  
  535KB
- MD5
  
  8ec725efd4c12cb8c7e44f964a343ab8
- SHA1
  
  8c5bf29556afd3fe1d4dc6424c422903b9d03073
- SHA256
  
  fe017545d9438e8491e09152ec9d4ee9faa9aaf64b601f500db2314260204e2f
- SHA512
  
  4c2be251a75c1f274af141ef153efe76a15cd42b631a0041bcbc351a717ca8b0a8f92d7010261ec019185527e0785d777ca1f6d80bba3fbbcf61fc1d6d41357a
Score

10^/10

quasar venomrat hacked evasion rat rootkit spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Quasar Payload
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- VenomRAT
  VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
  rat rootkit stealer venomrat
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarvenomrathackedevasionratrootkitspywarestealertrojan

© 2018-2024

Terms | Privacy