General

  • Target

    Client-built.bat

  • Size

    1.1MB

  • Sample

    230609-v8my9acg58

  • MD5

    45c24bc2e3362f234af60a836d158c2d

  • SHA1

    023bd718cd1921e741e26accc0bb0681cdd51eb1

  • SHA256

    33e476a25bde41c42083d57716e678a70d4f8d5576f5d26067d0d5c5afc13e40

  • SHA512

    8c8ed0fde95a1e8d56731b46a1f66bb47de8c6273a73d503168ce7d5f0d82aa77136b86fc48cf5a3c8183428ce23826840fc8861813eebbfef60400c98d52eaf

  • SSDEEP

    6144:VisaSp+quMXMCWPbsjcB7O56B67XvgUhb7pH:VixBMdoYj+O56if7pH

Score
10/10

Malware Config

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053), 1 signature

  • Persistence

    Scheduled Task (T1053), 1 signature

  • Privilege Escalation

    Scheduled Task (T1053), 1 signature

  • Discovery

    System Information Discovery (T1082), 3 signatures

    Query Registry (T1012), 3 signatures

    Peripheral Device Discovery (T1120), 1 signature
