Overview

overview

10

Static

static

10

The increa...ed.pdf

windows7_x64

1

The increa...ed.pdf

windows10-2004_x64

1

The increa...df.exe

windows7_x64

10

The increa...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41dcaf4c90164544df7f6355059f9d31534a72ddcd310729332ef1af1e304a29

  • Size

    8.5MB

  • Sample

    220319-qj1rlaagd5

  • MD5

    0685c534129f6c16803965e24bb95157

  • SHA1

    34dfdf16d13f974a06f46486ab4ad7034db8e9d5

  • SHA256

    41dcaf4c90164544df7f6355059f9d31534a72ddcd310729332ef1af1e304a29

  • SHA512

    d05f6f88d6acbbbb8ada8e8a17c6b638072ba203ffc44a61d24cf2eb387bbfeba1693bc690c636b1332aab2b1da6208a04a5ea259ef424e3ee1c840118230c69

Score
10/10
quasarpdflinkpdfspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

PDF

C2

https://web.sunvn.net:4782

https://taisunwin.club:4782

https://web.sunwinvn.vip:4782

http://b29.bet:4782

https://playgo88.fun:4782

https://choigo88.us:4782
Mutex

ca1a9340-65d7-49a9-b045-50c69210b55d

Attributes
  • encryption_key

    9C84151BA76B2D40C2A4C55E8D137720CE7C0137

  • install_name

    PDF.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    PDF Reader

  • subdirectory

    PDF Reader

Targets

    • Target

      The increasingly complicated Russia-Ukraine crisis explained.pdf

    • Size

      8.2MB

    • MD5

      5e528b8ba38496feea95a628061d0acb

    • SHA1

      4fe483160449b7d8303809fa3c5f0afe0eae72f2

    • SHA256

      1585d4432949acd29d160c0d0748c4e695d837c40e4bd5ed9a229c4437f96160

    • SHA512

      266dbf7ca8839b9c658d261754d725cab9de1dfffa97eeb67f7adc8a7c78de3b82f1187302045e5c61264ac8dc754254df1d6ddb3f854611eb288a8b0a8d855d

    Score
    1/10
    behavioral1behavioral2

    • Target

      The increasingly complicated Russia-Ukraine crisis explained.pdf.exe

    • Size

      713KB

    • MD5

      19338d49c7f6a98163ed63ca165a6d9d

    • SHA1

      bbb9bf63efc448706f974050bef23bb1edd13782

    • SHA256

      b4e3216803e2ec15ff0df82bf47656df179a4efa977eb187607bab0c38909a00

    • SHA512

      b8c9235a9a825284dcd3bf5c210f1f842e90639c4459ae1728e2e96aa738a9f8fdf7a119cc2d4e92a5400870644c571278f0f33679d7b398d399c981c8a6fa31

    Score
    10/10
    quasarpdfspywaretrojan
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks