General
-
Target
3c408a0b4fc83fa3e387a1d45e03009340a75b1519529eb55d910e84d9e6bbe5
-
Size
1.6MB
-
Sample
220508-2hjbpshea6
-
MD5
cef80abf8c3f0cde0085f3253ab0381a
-
SHA1
a7de60994d1c16409700a2deccb6cb1423153967
-
SHA256
3c408a0b4fc83fa3e387a1d45e03009340a75b1519529eb55d910e84d9e6bbe5
-
SHA512
80e4a4dad8c49ed24226346ec769ad595e1ffa26c2167ae0e7c622a10e59cf12a2d2ec1486d7cb168cc3df963d2653be3669855ced35b67548e860573b4f850d
Malware Config
Targets
-
-
Target
3c408a0b4fc83fa3e387a1d45e03009340a75b1519529eb55d910e84d9e6bbe5
-
Size
1.6MB
-
MD5
cef80abf8c3f0cde0085f3253ab0381a
-
SHA1
a7de60994d1c16409700a2deccb6cb1423153967
-
SHA256
3c408a0b4fc83fa3e387a1d45e03009340a75b1519529eb55d910e84d9e6bbe5
-
SHA512
80e4a4dad8c49ed24226346ec769ad595e1ffa26c2167ae0e7c622a10e59cf12a2d2ec1486d7cb168cc3df963d2653be3669855ced35b67548e860573b4f850d
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
VenomRAT
VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
-
suricata: ET MALWARE Common RAT Connectivity Check Observed
suricata: ET MALWARE Common RAT Connectivity Check Observed
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-