General

  • Target

    6dbb66926ff472a072d07773b2bf1f01.bin

  • Size

    914KB

  • Sample

    230331-bysl7sgb77

  • MD5

    6dbb66926ff472a072d07773b2bf1f01

  • SHA1

    8b8d6aa38a21810d101b47a04d69d47f2a85e96d

  • SHA256

    2d0b88e49c10cb4ece429f61f177523f54eef92a53d1cacc7a8446dec2808d36

  • SHA512

    91a39f26a2762c997904b74de75e040d35f8a0c6fc6040c6df3c1e3fae8a65264484a123e5d9971b9fe6f51415c6fd05a1c7fb8931feef38b4db04b9c2a28501

  • SSDEEP

    24576:xu37ye+JcWd/Xk9pCPNf4ar02gcv+CjCGwl9qm:07ye+JFd/09IJ4argcZjP0

Malware Config

Targets

    • Target

      wwwdiangovcoPaginasestadodecuentan5235364788ref.exe

    • Size

      1.1MB

    • MD5

      0512f44eaa7452c825b34adf767ef16b

    • SHA1

      3a86a32085b5b3e5f21423dadbfd37d0c0ef8774

    • SHA256

      38b7701ddd4541928a2ab57f9bd992bc885ac0f6ee407875da197c95935a2ade

    • SHA512

      2c2f4251c38a90b65e60536aa40c2b726872b75a8ac1ed0c373648fe210c80e742a957083386f7376c68a8ca77c78e465aa0b7cd9d72288bc4a02df9b7f5376e

    • SSDEEP

      24576:512zVZ97v2SJfe41ImXk6skuDQ9E2wMCmu6s4j+yFt:5AR37vDfVmBkE8bw4JB+

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen (the SpyNet/MAPS cloud check), typically by writing the corresponding Defender policy values.

    • Modifies Windows Defender Real-time Protection settings

    • Modifies security service

    • Quasar RAT

      Quasar is an open-source remote access tool (RAT) written in C#/.NET, which is why the dropped payload and the Defender-tampering code above are both .NET.

    • Quasar payload

    • UAC bypass

    • Windows security bypass

    • Deletes shadow copies

      Deleting Volume Shadow Copies removes the local restore points; ransomware often does this to backup data to inhibit system recovery.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
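
    The verdicts listed above are behavioural signatures over sandbox telemetry. The block below is an added example of how a handful of them (Defender policy tampering, Run-key persistence, shadow-copy deletion, external-IP lookup) can be expressed as matching rules; it is not the sandbox's own rule engine and not code from the sample. The events are constructed stand-ins for process, registry and HTTP telemetry, the drop path is hypothetical, and the IP-lookup host list is an assumed set of well-known services; the Defender policy value names are the documented ones.

```python
"""Added example: a small behaviour-signature matcher for the verdicts above.

Events are constructed stand-ins for sandbox telemetry; the rules are this
example's own, not the sandbox's rule set.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Event:
    kind: str    # "proc" (command line), "reg" (registry write) or "http" (request URL)
    image: str   # image path of the process that produced the event
    detail: str  # command line, "key\\value=data", or URL


# Policy location Defender honours (HKLM\SOFTWARE\Policies\...), lower-cased
# for comparison. Writing 1 to any of these value names switches a feature off.
DEFENDER_POLICY = "software\\policies\\microsoft\\windows defender\\"
DEFENDER_TAMPER_VALUES = {
    "disableantispyware",
    "real-time protection\\disablerealtimemonitoring",
    "real-time protection\\disablebehaviormonitoring",
    "real-time protection\\disableioavprotection",
    "real-time protection\\disableonaccessprotection",
    "spynet\\disableblockatfirstseen",
}

RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)

SHADOW_COPY_DELETE = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\bdelete\b", re.I),
]

# Assumed list of public "what is my IP" services; extend for your own telemetry.
IP_LOOKUP_HOSTS = {"ip-api.com", "ipinfo.io", "api.ipify.org", "icanhazip.com",
                   "checkip.dyndns.org", "ifconfig.me"}


def defender_tamper(events: Iterable[Event]) -> set[str]:
    """Defender policy values (relative to DEFENDER_POLICY) written with data 1."""
    hits = set()
    for ev in events:
        if ev.kind != "reg":
            continue
        path, _, data = ev.detail.rpartition("=")
        path = path.lower()
        if DEFENDER_POLICY not in path or data.strip() != "1":
            continue
        value = path.split(DEFENDER_POLICY, 1)[1]
        if value in DEFENDER_TAMPER_VALUES:
            hits.add(value)
    return hits


def run_key_persistence(events: Iterable[Event]) -> list[tuple[str, str]]:
    """(value name, data) pairs written under a Run or RunOnce key."""
    out = []
    for ev in events:
        if ev.kind == "reg" and RUN_KEY.search(ev.detail):
            path, _, data = ev.detail.rpartition("=")
            out.append((path.rsplit("\\", 1)[1], data))
    return out


def deletes_shadow_copies(events: Iterable[Event]) -> bool:
    """True if any command line matches a known shadow-copy deletion pattern."""
    return any(ev.kind == "proc" and any(p.search(ev.detail) for p in SHADOW_COPY_DELETE)
               for ev in events)


def external_ip_lookup(events: Iterable[Event]) -> set[str]:
    """Hosts contacted that belong to the assumed IP-lookup service list."""
    hosts = set()
    for ev in events:
        if ev.kind == "http":
            host = (urlsplit(ev.detail).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hosts.add(host)
    return hosts


def triage(events: Iterable[Event]) -> list[str]:
    """Map the matched rules onto the verdict names used in the report above."""
    events = list(events)
    tamper = defender_tamper(events)
    verdicts = []
    if any(v.startswith("real-time protection\\") for v in tamper):
        verdicts.append("Modifies Windows Defender Real-time Protection settings")
    if tamper:
        verdicts.append("Windows security modification")
    if run_key_persistence(events):
        verdicts.append("Adds Run key to start application")
    if deletes_shadow_copies(events):
        verdicts.append("Deletes shadow copies")
    if external_ip_lookup(events):
        verdicts.append("Looks up external IP address via web service")
    return verdicts


# Constructed telemetry for a hypothetical dropped client; not the sandbox's log.
SAMPLE = "C:\\Users\\user\\AppData\\Roaming\\SubDir\\Client.exe"
SAMPLE_EVENTS = [
    Event("reg", SAMPLE, "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
                         "Real-Time Protection\\DisableRealtimeMonitoring=1"),
    Event("reg", SAMPLE, "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
                         "SpyNet\\DisableBlockAtFirstSeen=1"),
    Event("reg", SAMPLE, "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Client=" + SAMPLE),
    Event("proc", "C:\\Windows\\System32\\cmd.exe", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    Event("http", SAMPLE, "http://ip-api.com/json/"),
    Event("http", SAMPLE, "https://example.com/update"),  # benign noise, must not match
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_EVENTS):
        print(verdict)
```

    The rules match on registry value names and command-line patterns rather than on the sample's file name or hashes, so they survive a recompiled or renamed build; the hashes at the top of the page are still the right thing to block once you have them.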

MITRE ATT&CK Enterprise v6

Tasks