General

  • Target

    tmp

  • Size

    3.1MB

  • Sample

    230604-ngys4scf3w

  • MD5

    9015c3d7db0f4918632bd515f5187148

  • SHA1

    78f1ac578a3ad08c5da5eaab6b7423d772a9e159

  • SHA256

    dc90c4dea9a7c84847fa536ac75123e39f077437cbafcc132c2537f8757f7578

  • SHA512

    855ce4d97ddf6b50f3ca49d846d643c45ad668b3238280e9cee1a14dbdba754b37b27ba874aa8039695f263eaa5e4a785ca6047d65aad666f384557ecff6981d

  • SSDEEP

    49152:zvDlL26AaNeWgPhlmVqvMQ7XSKvrRJ6kbR3LoGdogTHHB72eh2NT:zv5L26AaNeWgPhlmVqkQ7XSKvrRJ6u

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Hacked

C2

66.135.0.161:5890

127.0.0.1:5890

Mutex

298708ab-b798-45b3-8858-08891ded7c8a

Attributes
  • encryption_key

    D0F0754E67B4CBC38801AC41F731FCB62478B8FF

  • install_name

    Windowsdem64.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    scfhost

  • subdirectory

    Windows64

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                 Technique        Count  ID
Execution              Scheduled Task   1      T1053
Persistence            Scheduled Task   1      T1053
Privilege Escalation   Scheduled Task   1      T1053
Discovery              Query Registry   1      T1012

Tasks