General

Target: 30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
Size: 502KB
Sample: 220504-bcxzsscgc7
Score: 10/10
MD5: e2a90c3e125ae445d0763f4caa47381b
SHA1: e53c0be113b08a33afadad940ed31f9843bfa5b7
SHA256: 30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
SHA512: af9c0026f44bdfe8c4f4ed37dfbe5fdfe4fb66652b79459539e7459f822b256dd1c50bee317ea7b37ad583e91cc9603bb9916b2ffa2ce8b941d53ac959ed6c95

Malware Config

Extracted

Family: quasar
Version: 1.4.0
Botnet: 1

C2

Attributes

encryption_key: 67DFA5AFA3111DA4B8B545C503A131C3C3D1E34C
install_name: WinUpdater.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: WinUpdater
subdirectory: WinUpdater

Targets
Signatures

  • Quasar Payload

  • Quasar RAT

    Description

    Quasar is an open source Remote Access Tool.

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely for geofencing.

    TTPs

    Query Registry, System Information Discovery

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score 10/10

behavioral1: Score 10/10