General
Target: Uplay_R6_Cap.zip
Size: 4.1MB
Sample: 230531-yjllnsbb4y
MD5: 643f9dc0d7292995afea0ece847632ca
SHA1: 01187655e1bcbbfb2de84d82f50f34cc5eb5125f
SHA256: e7032103393d503c5642a10be96d39faaa93af05d0feaf77b8e011ebfa70022c
SHA512: 146570b3b1570cabcbb6d9453cf804cfd4cbbe020bc5651877a72577c032f9bae940ee97f7b3ee59a9e28ddeeeced6c426b3e6cb75b7647eef4e2bda1fcc1532
SSDEEP: 98304:B6ZyNzucXsRdR+cCTngPQMPUU9cwMeHNaY1F:NNzdXsRidThMpMmv1F
Static task: static1
Behavioral task: behavioral1
Sample: Uplay_R6_Cap/Checker.exe
Resource: win10v2004-20230220-en
Behavioral task: behavioral2
Sample: Uplay_R6_Cap/Uplay.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
quasar
1.4.1
ShanX
pubgm.ddns.net:3463
fe19d956-967f-4776-a516-d40c85ea9e9a
encryption_key: C00A9243E77E6BA0615E28214F4657063CECD5D6
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets
Target: Uplay_R6_Cap/Checker.exe
Size: 3.1MB
MD5: 547647b2a11212e16758e86e596c4e38
SHA1: 22562c0a77948e12fb7a9d55b4bbf9a7653cb0bb
SHA256: aa842236e758058ef3ad704681ed6e8c391caf1fa5b64f47af05bb35e04377ca
SHA512: b3794971c334c2c456816dece4c8d871d6da16a23de6c52f0877b41b49a3526070377c8e55c7b93f98387087f7a743d5c89de99233ca37ce717d748d1f7a1287
SSDEEP: 49152:hqynoUPX6KAiY5/UmaFJYYKoONHm5LOx1ndwlpN+w5nIdNawgmy6ISXstG5Auh0r:svKAiY9aFJPkyLOxdmljInpgXyXGGul
- Quasar payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext

Target: Uplay_R6_Cap/Uplay.exe
Size: 192KB
MD5: 86d4a187895e787a5a7e54b4b686faf7
SHA1: e97228561a25f5f77dafbbc418e2661a51c16b00
SHA256: 659dcf79cfdee793fedc1f568bfada6d2a6e13785f6cd57a4fcbea5edc535f95
SHA512: 0993ff75480847910e4c359a2fe74e0aa911ab8791a8d0dfd1ac4b8639356102b28721d11c4efc29e597a691327c1a90f7cc53d1c6f0ef17c52eb30d6ea7d6e8
SSDEEP: 3072:50zlW1Un1CwJHJB+SKIhBiKoZN7nWKAHGG64RoGtefeLw4TScLNYbWoHJRdpF:CU12BJlK4iZN7MFl04VCbW
Score: 1/10