Malware Analysis Report

2025-01-18 04:24

Sample ID 240101-ak48eagedm
Target binggo.exe
SHA256 fb9851c55cf1b38c16336e7bf2a27baf53f148b9349221c30a5964e0f9f4dfb9
Tags
office04 quasar
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fb9851c55cf1b38c16336e7bf2a27baf53f148b9349221c30a5964e0f9f4dfb9

Threat Level: Known bad

The file binggo.exe was found to be: Known bad.

Malicious Activity Summary

office04 quasar

Quasar payload

Quasar family

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-01 00:17

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-01 00:17

Reported

2024-01-01 00:20

Platform

win10v2004-20231222-en

Max time network

135s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 147.185.221.17:56251 tcp
US 147.185.221.17:56251 tcp
GB 96.17.178.194:80 tcp
GB 96.17.178.194:80 tcp
GB 96.17.178.194:80 tcp

Files

N/A