General
Target: 02962ce42a6b3910c33e9f9ace964bba
Size: 666KB
Sample: 220719-hnrqgsdha5
MD5: 02962ce42a6b3910c33e9f9ace964bba
SHA1: 565d1a5cc063503879c5bd0dffa2cfe4e5a2e627
SHA256: 2cb24e62607d1f4eef2ee22dca37a4eda7b97ea9b3d96443102548fe90c3edc3
SHA512: 96fd7e1a6cd7e2f87274af902c7c327d7f09b1c15861983691a6ddf6a44961175876f97cbf0e31e383a36037ebaac9350c0e96ac49b4940a5ef3cd24ce1a5969
Behavioral task
behavioral1
Sample: 02962ce42a6b3910c33e9f9ace964bba.exe
Resource: win7-20220718-en
Malware Config
Extracted: quasar
Version: 2.1.0.0
DCNITRO01
C2: 0.tcp.eu.ngrok.io:10352
Mutex: VNM_MUTEX_v9VGaskk4AIKeNY3U6
encryption_key: UZHpvfEZMUzQVIJjvgWB
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: dc nitro(venom)
subdirectory: SubDir
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Quasar payload

suricata: ET MALWARE Common RAT Connectivity Check Observed

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.