General

  • Target

    5540ebd0c042474a8831fa85f22af31bf269a7c5293b3b17a673a1c9f5de78a5

  • Size

    2.5MB

  • Sample

    220725-t3nsxsedc4

  • MD5

    60603c03611bec2d605fd134af541c41

  • SHA1

    97ea9b13dc1f7ee2b9ad231571ec4cfa6e2186fb

  • SHA256

    5540ebd0c042474a8831fa85f22af31bf269a7c5293b3b17a673a1c9f5de78a5

  • SHA512

    793d8e0f5fb692236ef2678eb7a6e5e8e7af588a82238ba89ab3b1eaf588372dd31c16946ffd3be30c03bea0aee580bfb07333bcd8a2d464a52e15a319b435ed

Malware Config

Targets

    • Target

      5540ebd0c042474a8831fa85f22af31bf269a7c5293b3b17a673a1c9f5de78a5

    • Size

      2.5MB

    • MD5

      60603c03611bec2d605fd134af541c41

    • SHA1

      97ea9b13dc1f7ee2b9ad231571ec4cfa6e2186fb

    • SHA256

      5540ebd0c042474a8831fa85f22af31bf269a7c5293b3b17a673a1c9f5de78a5

    • SHA512

      793d8e0f5fb692236ef2678eb7a6e5e8e7af588a82238ba89ab3b1eaf588372dd31c16946ffd3be30c03bea0aee580bfb07333bcd8a2d464a52e15a319b435ed

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks