Overview

overview

10

Static

static

10

27/AntiRE.Runtime.dll

windows10-2004-x64

1

27/BouncyC...to.dll

windows10-2004-x64

1

27/Bunifu....ms.dll

windows10-2004-x64

1

27/Bunifu....ck.dll

windows10-2004-x64

1

27/Bunifu....ng.dll

windows10-2004-x64

1

27/Bunifu.....3.dll

windows10-2004-x64

1

27/Bunifu....wn.dll

windows10-2004-x64

1

27/Bunifu....ck.dll

windows10-2004-x64

1

27/Bunifu....ge.dll

windows10-2004-x64

1

27/Bunifu....el.dll

windows10-2004-x64

1

27/Bunifu....ox.dll

windows10-2004-x64

1

27/Bunifu....on.dll

windows10-2004-x64

1

27/Bunifu.... a.dll

windows10-2004-x64

1

27/Bunifu....el.dll

windows10-2004-x64

27/Bunifu....es.dll

windows10-2004-x64

1

27/Bunifu....el.dll

windows10-2004-x64

1

27/Bunifu....ox.dll

windows10-2004-x64

1

27/Bunifu....ar.dll

windows10-2004-x64

1

27/Bunifu....on.dll

windows10-2004-x64

1

27/Bunifu....ng.dll

windows10-2004-x64

1

27/Bunifu....ar.dll

windows10-2004-x64

1

27/Bunifu....or.dll

windows10-2004-x64

1

27/Bunifu....el.dll

windows10-2004-x64

1

27/Bunifu....es.dll

windows10-2004-x64

1

27/Bunifu....er.dll

windows10-2004-x64

1

27/Bunifu....ar.dll

windows10-2004-x64

1

27/ToggleSwitch.dll

windows10-2004-x64

1

27/VenomRe...ck.exe

windows10-2004-x64

1

27/Venombin.exe

windows10-2004-x64

10

27/Vestris...ib.dll

windows10-2004-x64

1

27/cGeoIp.dll

windows10-2004-x64

1

27/client.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27.zip

  • Size

    40.6MB

  • Sample

    230423-s73xzaec99

  • MD5

    f60f25c8e43553e4f068adebb0c1f53e

  • SHA1

    198a55fb9b6ca69754f02c0ed63a409f431cbea1

  • SHA256

    2b72a65f07f28ec579dc188059d860f310dce71fe3c08f5182a2a810e7bc3698

  • SHA512

    16104bc6f85904b24db741853190d292f3e3f42f2b70c1f348f6ddd0b5000cde200682fa4719e46a97818a1390a0593476a83bb3e212774d0cd4cb813b506728

  • SSDEEP

    786432:BamJYjv/LIk8XO9Hgk8MOUiyUE47eZm8walnV3R30VsP+OBoXJYCN:gmi4kWzMOXyULEV3N0w+p59N

Score
10/10
quasaragilenetspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Targets

    • Target

      27/AntiRE.Runtime.dll

    • Size

      39KB

    • MD5

      e87b398e82b117bb7899ddec8f83a2a1

    • SHA1

      cf30467d1ff110998c38f572087c839d9bae3e67

    • SHA256

      a480be8626153022278931e06ea8b01e7c6e8893ef640aeefff44a633daa874f

    • SHA512

      0789b3c2a8f669a545e811c67dd96cb6a6c9b6557719557b6d0e51805f67a6548357134045aec83da5ad94c8f4b7d3df863df4314500c2fe7dcf1a68c869f2bc

    • SSDEEP

      768:S+2sYDfg/pQlSa+klyVlKHubbBjlinHEhFDB93wEP:S+rYDfcpQoa+kAlKObdMk73R

    Score
    1/10
    behavioral1

    • Target

      27/BouncyCastle.Crypto.dll

    • Size

      2.5MB

    • MD5

      f0b3e112ce4807a28e2b5d66a840ed7f

    • SHA1

      54a6743781fd4ceb720331fce92f16186931192d

    • SHA256

      333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c

    • SHA512

      dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190

    • SSDEEP

      49152:OSSJ+G1PjodumkjD6Oc0mqHZwueCtbu9kQN:6xodumo6Lr

    Score
    1/10
    behavioral2

    • Target

      27/Bunifu.Dataviz.WinForms.dll

    • Size

      311KB

    • MD5

      e86d9c511b4eec93f2049094aa3a780a

    • SHA1

      1ae09730d95f0c9833502dd3c2a02edf0e423840

    • SHA256

      d60260ac26ee79d4d52eca838362b8fe3f77b13748e6a8a9fb4b25b7f2740861

    • SHA512

      be6b58b707d7b4865cce22b900313a8d3999ffc84ad1337ebbc97d9cdc57410e35213762d1e024e654bf3526bcbf458a725fc070e4069519e83da5cd1ed26e97

    • SSDEEP

      6144:Vp15Nq153ZVW4yHd0mMaeY2wvGLlfI1WQ0hshRy+dL2dmZ76+VmJ:Vp1k3GdHz32IGLQE6Ry02dmZWLJ

    Score
    1/10
    behavioral3

    • Target

      27/Bunifu.Licensing back.dll

    • Size

      952KB

    • MD5

      8836edb783ce89ca6481c297772325bc

    • SHA1

      6968c977f594930543ec296ad00322e998129a6a

    • SHA256

      cfa1993c3e7272b3aee610634592c26beaf8e573ac9d3c59695e35a5d2372b17

    • SHA512

      34f07f52e43296e0b3e084857270a8375faf50e2b6cd9522a572efb90de38a3f27b9727861e0258149ed13bd96e114175c9d1d237b0ef97ad4fa53e119ce7f36

    • SSDEEP

      12288:ZjeSIgE+K5HzlwsHTQwEKaAn9BRWTCbsIgbEpzre+TZjGAfR4J:Zjvs+K5HTJaAn9Bw+rgopWa/uJ

    Score
    1/10
    behavioral4

    • Target

      27/Bunifu.Licensing.dll

    • Size

      952KB

    • MD5

      e1ac1fb368968bc2b93ad0dce092feae

    • SHA1

      ebbe3e24c92e6f48851b8baa31d3652d922f14eb

    • SHA256

      2b14b242e1f07081406b24a032fb4d29413e10b9f9760d1c3d06bdcec0615c94

    • SHA512

      f8b299a97cf67f8526b31ab86191e147c74a05bb664eea00a032b93f695199a82652470e121040721491993ec621c64158bade0d623b2eac7fb59982ffa346df

    • SSDEEP

      12288:yBCSIgE+K5HzlwsHTQwEKaAn9BRWTCbsIgbEpzre+TZjGAfggY:yBzs+K5HTJaAn9Bw+rgopWa/zY

    Score
    1/10
    behavioral5

    • Target

      27/Bunifu.UI.WinForms.1.5.3.dll

    • Size

      344KB

    • MD5

      b4280d2898d92ab5c3911f0305d7672f

    • SHA1

      0ef4d6fa24811cea3cb36fccbc45d71e1effb17d

    • SHA256

      e2248459dcc95183d0f0c5f3abd3b0a2b93cd26cf8e130a1f43c8b32c58f4c8f

    • SHA512

      2c719c32144ce2968123dc8e3a6f61f70460e463ba9b3681dc86e124af1343d08e574f7313339ecef4b88f95d2fd9ad56462f0f9e5f9f51ba5de6ba19559af2e

    • SSDEEP

      6144:m6BxSPUIfFVoPH+GBhvPb8g2iYcHIc7RPqEev3djE5ydvmW:vxSsIfFieGjb8ncHFqEevNjE5ydvN

    Score
    1/10
    behavioral6

    • Target

      27/Bunifu.UI.WinForms.BunifuDropdown.dll

    • Size

      51KB

    • MD5

      471a5a1a62aa63c7ff1c4a6e999264d7

    • SHA1

      b25e34efee8df21b368aefa31b43ff0347465234

    • SHA256

      0e1ebb9be3d341f94c8d0f053a352b28b0ac97c61be2222768b449732b290806

    • SHA512

      2a936d249e244d7717d567ed80aaff04a0ae481ac11f4d0fe5512f872d325629fd9e30885cef07fa61763e0e66424a52afe7056218bea6a96e28f23d1b44091f

    • SSDEEP

      768:ByuiR8j8e5ToRtNjCLVzv/8miWvkMFhJudnYizKgu:rroehoR/jcHYWvh4Y+U

    Score
    1/10
    behavioral7

    • Target

      27/Bunifu.UI.WinForms.BunifuFormDock.dll

    • Size

      103KB

    • MD5

      d215dbed519c26bfc900758b0a7cf00b

    • SHA1

      676c4ad890920246e0ea4a17e1f506b9df7ac4da

    • SHA256

      417806116d0f2866beae7bf9c82d6c9facd2df6e9804e2e349e8b7ea4b158102

    • SHA512

      69d15969d6861a526cb476b956a681aad91c66d9d5ffcf3cf56778bdacf831dd9586f9aa326d15448d67af404445812ddbb67e7f06a6562d3deef168cd3fc124

    • SSDEEP

      3072:fPNi/TxTaLau8gqnZ9Px4f9G0rBHbrIdBvK9v:fPNi/TxQLBbrI3Sh

    Score
    1/10
    behavioral8

    • Target

      27/Bunifu.UI.WinForms.BunifuGauge.dll

    • Size

      75KB

    • MD5

      37a23bd95513116840bdd004e5d0623a

    • SHA1

      3fbe3837b74dc4daa6721b6c4699f75e6a40ba45

    • SHA256

      8dff8f9329374d8f70305e4d11ff47346c9c04ab41fa402d19b3e3647752c5b1

    • SHA512

      98d82d1b0938e8c86b7e46bcf1844754dcfff00b182987791b48b270094e67decb8681d4a1c67d15c175ee0cf34a5642b249132091c735967421fa5cdafdc54e

    • SSDEEP

      768:uAjNqLyRFsQeJQCN6P3rytN/B3i7VV6DtSOIDjhUlpnkumjriCR7SsadY69SGFHy:zngGWAkXlTLCdA6wkgnMrsYnS+R

    Score
    1/10
    behavioral9

    • Target

      27/Bunifu.UI.WinForms.BunifuGradientPanel.dll

    • Size

      61KB

    • MD5

      f2de88cd9720e16f9686ea6664270317

    • SHA1

      2e66d5e22760295de172fb3e08b3d08b0990096a

    • SHA256

      ea2e10c53696cf7cf6dcfdd451a971b01770b8ec232743e249a87226f64d719e

    • SHA512

      6deb8c3a7b59a02bf209e159c4bc06cbd25e3e52beb7d1ebf9fb50a9b34462bac4887c110924b631ae42d544ec04db2915b51d2def037f4a3234ffa98965cf5d

    • SSDEEP

      768:KtOa8cFoOKwmObnyWL5xQn/5C6/f5ia2z67ipZdhPOYjgsfHM9oizKgJHIM:Kt9BrbLUBC6H5XM6OpZdh2cxsO+ToM

    Score
    1/10
    behavioral10

    • Target

      27/Bunifu.UI.WinForms.BunifuGroupBox.dll

    • Size

      47KB

    • MD5

      d08948e83988ea490c46f0a0910b586c

    • SHA1

      f28acf5820ff29ab054b482928e0adec44039f0b

    • SHA256

      f67302f7d39b7ecef10afc8e29fe49094ac7a402adef11f92677e24e7bea485b

    • SHA512

      bfa97eebe601b4129e91fba43506f6ff343b66f9e404a5f4ae6a3dd715f727cf112143fb093b306a35abe72960f673e49cf8ffd496d4977cc54d7647d9600048

    • SSDEEP

      768:sEjjvuyRxywSAbDGHMQz2xe0RQLGS6aaJIizKgyw:DjNRAdAbDGHh2xe0KLGZm+d

    Score
    1/10
    behavioral11

    • Target

      27/Bunifu.UI.WinForms.BunifuImageButton.dll

    • Size

      155KB

    • MD5

      523e608bdfb75930b146b7a09a2052f4

    • SHA1

      3350000145a9dbf7fc811538251b99e5733688bf

    • SHA256

      059fc00a1fb49ada256316802d75d6d8c2b5035d3ecabddb2973a588897550f0

    • SHA512

      859422108b91d468c320c55a38e12ac8607d2949a6b886eb87d66c17a383450de0ec736cfefcaaac2a552724cc996935d8f49694b572973239c3ad68b13f6f6a

    • SSDEEP

      3072:4p515Se29sgo6ynl7AWW+XnlImTpVFj4iNR2klZPJ:w+9sgpulk2nlRVZhlZh

    Score
    1/10
    behavioral12

    • Target

      27/Bunifu.UI.WinForms.BunifuLabel a.dll

    • Size

      421KB

    • MD5

      16aba889da5f1d67170d1103408254e0

    • SHA1

      9b23576dbd8397858fb2673d622f74cbb9e0f6a1

    • SHA256

      e49b2ba7002bcdd1e3a16f13913b4816c262e3e40eeafbacc5981098c7a6f236

    • SHA512

      c6baf41223ecb5df209b14e14b496d40a65a163d6c222efe0f71c606496239f7eaa2bbd7c55fac07b5fff6b7cf18ff3af78805a3ae95c828216f5e5469226b17

    • SSDEEP

      6144:3x0YWWd9jDKErgWc0uk+SyLmXFbP2DJFKFyyPBYVN:3IEcWc0WLmVA8BYj

    Score
    1/10
    behavioral13

    • Target

      27/Bunifu.UI.WinForms.BunifuLabel.dll

    • Size

      421KB

    • MD5

      16aba889da5f1d67170d1103408254e0

    • SHA1

      9b23576dbd8397858fb2673d622f74cbb9e0f6a1

    • SHA256

      e49b2ba7002bcdd1e3a16f13913b4816c262e3e40eeafbacc5981098c7a6f236

    • SHA512

      c6baf41223ecb5df209b14e14b496d40a65a163d6c222efe0f71c606496239f7eaa2bbd7c55fac07b5fff6b7cf18ff3af78805a3ae95c828216f5e5469226b17

    • SSDEEP

      6144:3x0YWWd9jDKErgWc0uk+SyLmXFbP2DJFKFyyPBYVN:3IEcWc0WLmVA8BYj

    Score
    1/10
    behavioral14

    • Target

      27/Bunifu.UI.WinForms.BunifuPages.dll

    • Size

      96KB

    • MD5

      57df2e32ec9e3ffc95441cd1d8dbd1d7

    • SHA1

      1e0f0d877b78deeba569a6dd4febeba50b9f44fd

    • SHA256

      c1049bff371e0d3196edf6eb345dd150bd2051252cd5435f2e9b5a1b64faf917

    • SHA512

      75549ba63f068d184bb26720bcc1cf34d286bd1ad50ec4daf4a7d253a54f22682d569e17233cdcde3a3b467c228b6bd737a1bfd54fc3c59bd17504444e42f834

    • SSDEEP

      1536:SbGjHYCjIRQUJOvI1qD+8euTUrWYtcHF/Bm3wMDcF3faKH+Al:TYkPvvNNLTUfcHZBpM8yKBl

    Score
    1/10
    behavioral15

    • Target

      27/Bunifu.UI.WinForms.BunifuPanel.dll

    • Size

      43KB

    • MD5

      3c0158a7cfb962f8d3deac752607b62b

    • SHA1

      9e4a81a01cdb4e52634867671770ff844ec9eb08

    • SHA256

      0592b85f0345e842fab7a577d826e185c201ed85a47e5615286f8b06801053fd

    • SHA512

      0cabc73be87cd63ea10a4c089951814d810e6a8d6c6b163bb4c6f393d444b778fe323a1910c311b88091fb69a2f7ac487e4d32026aca4b515d459bd2f9018a13

    • SSDEEP

      768:xs5riyVbhpxzlpiTLt2VL6NtnP1X/22b0w8XhlA9vVtmTCBwJItnhrgEZz/h+K2T:+iTJ2l6NtP1X/22b0w8XhlA9vVtmTCBS

    Score
    1/10
    behavioral16

    • Target

      27/Bunifu.UI.WinForms.BunifuPictureBox.dll

    • Size

      37KB

    • MD5

      ac858624e0eb40339ee6a1f0218c9fb5

    • SHA1

      74beefb858b8fafe433e563ad7c4aa3ffe708e57

    • SHA256

      8fd5a954f45d3fa8b6d0b15667b225455ff425058efa44d5e31e0c082974d649

    • SHA512

      bebb8e3a89ce77563e328eed3ad2acec58a8566b259dc145497f119da97efbdcc3bd13eea0bad57a365e4bd0844aee7fc5ec8a911459f2941804cca806917971

    • SSDEEP

      768:yDM5qd07rjIiE27vDrAoNookVPzQ8fosMs3eeq9iKH69izKgjAe+:PE27vPAoNookdQ1iLq9Rm+RA/

    Score
    1/10
    behavioral17

    • Target

      27/Bunifu.UI.WinForms.BunifuProgressBar.dll

    • Size

      77KB

    • MD5

      5698a17d07c7aa4d5e672963afb5ce81

    • SHA1

      e6123e8fa1b205818c4aa6f33f2b3d969c5350fa

    • SHA256

      50e54f4b91abc41d03ff5aa7ae21f7c0e685c6e0fbae373839309bd964b8036a

    • SHA512

      461c6964deae3df6102a1a79b0f33cfafe3ede8b879ef057faa3fb4efe016c1eb96db611a869141378b50c86abbc9cdfec40e11e2411d32d32827979803c3895

    • SSDEEP

      1536:gfK8iiGdMFCdSTBPuHdYyaPXV8J2dWK4p+y:q5FYIkH+l8JdTf

    Score
    1/10
    behavioral18

    • Target

      27/Bunifu.UI.WinForms.BunifuRadioButton.dll

    • Size

      69KB

    • MD5

      d82f1133b81c67ead88571d2975ed447

    • SHA1

      a9650f0613ac1181490034ffc7d84ace510d90a3

    • SHA256

      020f26d6ebd10b3defceda120776a58ac070b02814ab4d23062853b7a5a618b9

    • SHA512

      95f8a5ce29c425ba54e700cf5705299155fa3b58126ee0c7571ed44b7674de05437b08ff934392758dd45cf8347b8e5f65e5fd62adca519262ee1967164aafb1

    • SSDEEP

      1536:v1Mbj7JZGwPRlzSdGkFWIrfTJdsPpFs9CQziS/3sEeCWK66+Xq2UYzmp1ggRYGdG:dMn7JbPzzSdGkFWIrfTJdsPpFs9CQzib

    Score
    1/10
    behavioral19

    • Target

      27/Bunifu.UI.WinForms.BunifuRating.dll

    • Size

      50KB

    • MD5

      58ea087ece55af91b4f395913ac8156c

    • SHA1

      30f5b4b8b49e524f5044262145b36a2955bea5f0

    • SHA256

      356be557a6fce9436e7248b1b1de8968f2ae674d94806b3b7674d5b7da7f420e

    • SHA512

      d09c40ec221edb0cf9801a2f14e753526919f1c7334e16f27a526a9c7bce5c0750eb6de28818880f5df2ba6c846a0b55680aae282c8e9eb2939a5a280c4eb5b5

    • SSDEEP

      768:RVJWnE0Ts08kPr7AEqV0MvBbJgzNpT9QwSEmJADizKgZ:JWnVTs08640MvONpT9QwZeK+L

    Score
    1/10
    behavioral20

    • Target

      27/Bunifu.UI.WinForms.BunifuScrollBar.dll

    • Size

      179KB

    • MD5

      5c2a675a65f513ea19decd816531d835

    • SHA1

      7353437e40b3616df1d4b0e0cfd32ff09b0de8ca

    • SHA256

      85930c4cde0b413b3ec929e55f7e967d85ab6ef8bee9a04e9543d5ab9211b30b

    • SHA512

      87341197ceab85ea64dd78ba5447c77e7cebf9a743e120dc23138c1eacad5df38d1a6c812a8f9d7646f032d07b398639c0a1e37b2b42bb56415c3e088cbaa5ee

    • SSDEEP

      3072:L8mam/xl0zAxl8G7Q89nYsiS3oHR2yN4k+i5flfvCYPqrsKga7ztpJaLnTa:LBBoQkC5ijXN4k+i5f1vCYP+sY7NGm

    Score
    1/10
    behavioral21

    • Target

      27/Bunifu.UI.WinForms.BunifuSeparator.dll

    • Size

      38KB

    • MD5

      b7d99694b26110be6ac2554c5e2884fb

    • SHA1

      1f392fcec7da25826e991544e1779ce15355925c

    • SHA256

      c49371c827ae098e3e0958fe887a4c63a25f15846f24e89f143f3e2762e461f5

    • SHA512

      949cb964ff9dcda42235511840777b0cfb6b124dedf21ce5f5d1f7821175b8564436b5dc6c054fd3115bb121bf4d90e744a57aa0e6029a86c44b32486ad08c09

    • SSDEEP

      768:FGzvDNH8FOXAJyr09GvYBqjs1+Hw5ibkt2fIxaTclu3gpSLUdWU1cGaVEwzWiWuv:sPNQcGqBWiWf62+EW

    Score
    1/10
    behavioral22

    • Target

      27/Bunifu.UI.WinForms.BunifuShadowPanel.dll

    • Size

      46KB

    • MD5

      8f3262a7266a8625e307fe477f414c49

    • SHA1

      7f31c910bcebe83590d5dd6928ea645a1f2108b3

    • SHA256

      7acccefc9a969a772108f189d1bce99cb1d316328e02dd94d1e9716804f983b0

    • SHA512

      f8f6001efe550a980d0f74433515cd58a758431589c3b0e2f946c98b01c4051c23bdb121c43bf053b18218377eef032c8b8a1d5b28837e608ae0e5a1565d1f47

    • SSDEEP

      768:M6PmKB5UZ2SIZbidOzVDrJsQ4l1BwmUy6fRXLvKcU8knpoBTliQVD35/HS1GzsQo:MIJJB4TBwmUy6fRXLvKD8knQL5fS1csL

    Score
    1/10
    behavioral23

    • Target

      27/Bunifu.UI.WinForms.BunifuShapes.dll

    • Size

      42KB

    • MD5

      133b9f612938706c9a94c0b399449442

    • SHA1

      d956d0ff56103e077392c0f61ead8dbbd6d90ff3

    • SHA256

      66b81dbb5fa698f3938c669f769c6d0215b80140ef65f57f43eb750a093275cd

    • SHA512

      67ea42b6e9eaff6450d5be6aae560274d30c939245de0382123f2319fe2b5123b6d01782bf68374b23ab4828906ebd88322a70caed7c4b97d6d7db5305e466fb

    • SSDEEP

      768:ncRjZdAepHnxwo6QxiyQUlSPzWrOy73H4yzizKgM:0TAQHxwo5UUKWrOyLYU+m

    Score
    1/10
    behavioral24

    • Target

      27/Bunifu.UI.WinForms.BunifuSlider.dll

    • Size

      197KB

    • MD5

      dc256af8a6709e8d02dbca9955a73b32

    • SHA1

      528e35bf49d9927f23993fd2d2587f7fdacbfc48

    • SHA256

      dc3be56629858ff7327bfbb3a5986d87af3a2d48e4d40806320af5c1f8432005

    • SHA512

      b62bd3bcf2b6f389bd383c106b7a76dfc21730d987dd421ba0ff61640a11f14233c9e8d1af56c78798f8767e467ab4f5deb801187f96ce2517dcedb7b71432eb

    • SSDEEP

      6144:EL5XoA7cTrC8MyO3Ekqj+QBwa/66mO7Yvw:65XoA7cTrC8MyO3Bqj+c/30vw

    Score
    1/10
    behavioral25

    • Target

      27/Bunifu.UI.WinForms.BunifuSnackbar.dll

    • Size

      272KB

    • MD5

      196928c04ea8d7d12c59cfe4a5f933c1

    • SHA1

      ce900a9df6c8dca7e327ab9f329597c1b31e6ef9

    • SHA256

      154b1d3d5812f2e9c746920d060cfeeac9f754f97fec4da1d7437a9f4192fa1f

    • SHA512

      7a6a95e6892d0c025588039d91709b3e887437f2cc525e8f8276a3b17b0c81a6c44172c6d0d857ef770de2b0a178c5d91c16edf640313ae7b2186644ced24a2a

    • SSDEEP

      6144:PuaK5EFzW8mnjZTVBPmMu61e0mxyAMzhFh:I5EFa8+PmMu617mohFh

    Score
    1/10
    behavioral26

    • Target

      27/ToggleSwitch.dll

    • Size

      101KB

    • MD5

      d26b1b1764274dcad77d371e5a414be1

    • SHA1

      55509538adc0caaf3c2fb76ce4350856aa5b5b58

    • SHA256

      6d89de99f58392b762d23383162360237be88e3e835a8973900874946d5a6061

    • SHA512

      20c9d7e76c6458a24416351ae7db884624a45945f738e0b7dbe8ed819ace87800f7c84af96a9daf8c41614038944e01df6e4af6480e38feb899fb2d520fe9383

    • SSDEEP

      1536:cm5hLn96tpO/bpHOPk9biAyiQzlFkMcmVLpRfReaX0H0:cm5dn96tpO/bpQbkxSpRp7Xn

    Score
    1/10
    behavioral27

    • Target

      27/VenomRemote Crack.exe

    • Size

      31.1MB

    • MD5

      db903965c52af774d289195dca43c4f0

    • SHA1

      3dfc35def11c626a573f499991e63c853d06d94f

    • SHA256

      71a41259ae1af738009b67f8941abda7d0c4d4a718cfbe1e9139241b99870ce9

    • SHA512

      b424a5245eeb937a28607b35e3549f9169f65bf73b7baf790deb081e7894ea17cc7c30f42c6084f01b6a1b46ae76efe62fb12252f23f1ff641440718f40a7155

    • SSDEEP

      393216:WmGXflmXJTD1jJTDQMvfOjmM27kv1Bx0bQox/UlGkNCoIZ5JTD21JTD:dGNxMvDUjCbQa/O11

    Score
    1/10
    behavioral28

    • Target

      27/Venombin.exe

    • Size

      2.6MB

    • MD5

      28ab86b3dcd21945ecf0d61cff33f0af

    • SHA1

      5117b7fea972011d5d8744632d5052d92d93bc64

    • SHA256

      a9da04a7a49309e177655fb41589cac45813b8a98e469225f58ed137a6fe3078

    • SHA512

      2c7370fe9fa0b0ca15bbb29c7b9b102978555aab02f6ced0a59773146f0f72e6b2d6994a3f99851bd4bd63a4e07a88751090aece1ce34ed1c97f97ead0fbe6f8

    • SSDEEP

      49152:LwujSJcbl8P1SatwwzD/jYg26ErFHFWX42BkkDITTf:TjSJIwsatPD/j06QhGs3f

    Score
    10/10
    quasarspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral29

    • Target

      27/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      944ce5123c94c66a50376e7b37e3a6a6

    • SHA1

      a1936ac79c987a5ba47ca3d023f740401f73529b

    • SHA256

      7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

    • SHA512

      4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

    • SSDEEP

      1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3

    Score
    1/10
    behavioral30

    • Target

      27/cGeoIp.dll

    • Size

      2.3MB

    • MD5

      6d6e172e7965d1250a4a6f8a0513aa9f

    • SHA1

      b0fd4f64e837f48682874251c93258ee2cbcad2b

    • SHA256

      d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0

    • SHA512

      35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

    • SSDEEP

      24576:TRgJE8pkCLLe/K43EnnnclQwIqJY0OjklWXQMFBRpmkL/59ah0USm3uwl00odi9p:TRgfX/59a6USdi9Ues6bV6boLO6r

    Score
    1/10
    behavioral31

    • Target

      27/client.bin

    • Size

      904KB

    • MD5

      b0e8ff9dd5453104b5b868262fd7a164

    • SHA1

      f33424612617cb6fa9bdc2327c6e70f29d189bd4

    • SHA256

      82f35cefdffb27759bf8665c9b997401c5df88e631531a4fd2cfee456f84246e

    • SHA512

      fee5032e8d5956ed6fcf1d167118a9ac19dd4b251c57689eb5596161c263d84dca62bf1fb708f1dfe9773716943109db93efccabd3db87037cfb95acd3768f1c

    • SSDEEP

      12288:mreLatt+487Ti+XVPJTtnBLF/5DJcTYTTups0MJ2XOtXwlkXbPkooLo:aej487Ti+XVPJTtnBLF/5DJ/lXwlkZf

    Score
    10/10
    quasarspywaretrojan
    behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks

static1

agilenetquasar
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

quasarspywaretrojan
Score
10/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

quasarspywaretrojan
Score
10/10