General

  • Target

    Uplay_R6_Cap.zip

  • Size

    4.1MB

  • Sample

    230531-yjllnsbb4y

  • MD5

    643f9dc0d7292995afea0ece847632ca

  • SHA1

    01187655e1bcbbfb2de84d82f50f34cc5eb5125f

  • SHA256

    e7032103393d503c5642a10be96d39faaa93af05d0feaf77b8e011ebfa70022c

  • SHA512

    146570b3b1570cabcbb6d9453cf804cfd4cbbe020bc5651877a72577c032f9bae940ee97f7b3ee59a9e28ddeeeced6c426b3e6cb75b7647eef4e2bda1fcc1532

  • SSDEEP

    98304:B6ZyNzucXsRdR+cCTngPQMPUU9cwMeHNaY1F:NNzdXsRidThMpMmv1F

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    ShanX

  • C2

    pubgm.ddns.net:3463

  • Mutex

    fe19d956-967f-4776-a516-d40c85ea9e9a

Attributes
  • encryption_key

    C00A9243E77E6BA0615E28214F4657063CECD5D6

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Uplay_R6_Cap/Checker.exe

    • Size

      3.1MB

    • MD5

      547647b2a11212e16758e86e596c4e38

    • SHA1

      22562c0a77948e12fb7a9d55b4bbf9a7653cb0bb

    • SHA256

      aa842236e758058ef3ad704681ed6e8c391caf1fa5b64f47af05bb35e04377ca

    • SHA512

      b3794971c334c2c456816dece4c8d871d6da16a23de6c52f0877b41b49a3526070377c8e55c7b93f98387087f7a743d5c89de99233ca37ce717d748d1f7a1287

    • SSDEEP

      49152:hqynoUPX6KAiY5/UmaFJYYKoONHm5LOx1ndwlpN+w5nIdNawgmy6ISXstG5Auh0r:svKAiY9aFJPkyLOxdmljInpgXyXGGul

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    • Target

      Uplay_R6_Cap/Uplay.exe

    • Size

      192KB

    • MD5

      86d4a187895e787a5a7e54b4b686faf7

    • SHA1

      e97228561a25f5f77dafbbc418e2661a51c16b00

    • SHA256

      659dcf79cfdee793fedc1f568bfada6d2a6e13785f6cd57a4fcbea5edc535f95

    • SHA512

      0993ff75480847910e4c359a2fe74e0aa911ab8791a8d0dfd1ac4b8639356102b28721d11c4efc29e597a691327c1a90f7cc53d1c6f0ef17c52eb30d6ea7d6e8

    • SSDEEP

      3072:50zlW1Un1CwJHJB+SKIhBiKoZN7nWKAHGG64RoGtefeLw4TScLNYbWoHJRdpF:CU12BJlK4iZN7MFl04VCbW

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (1) T1064
    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Defense Evasion

    Scripting (1) T1064

Tasks