General

  • Target

    yfYldCd4zm.bat

  • Size

    161B

  • Sample

    240217-2yhp4sbe6w

  • MD5

    f131134ea9f39c97d20b36c1ca169c49

  • SHA1

    8842cfb3be34452ae9c16a62812d087742808312

  • SHA256

    3a2f7a15c885f28af81322d48a6a607b6717a487f82eee96203e65487ff2786c

  • SHA512

    0e9ac3decdfea771d8e6c3c29fc876c329aae7800c0aeb4e945dc06381536b5f77272d68bbf9c0c9637c2fd7267b7dd28336b19822be11e20dab621f58601af7

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

hello

C2

89.149.23.59:4782

Mutex

d0451a4c-3a53-4846-a269-e7bb8a5dbdab

Attributes
  • encryption_key

    721E9608C03075731B2EB2A814C5962CEFBBD83F

  • install_name

    Hello.exe

  • log_directory

    ok

  • reconnect_delay

    3000

  • startup_key

    Microsoft

  • subdirectory

    SubDir

Targets

    • Target

      yfYldCd4zm.bat

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (T1053): 1

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

    Scheduled Task/Job (T1053): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

    Scheduled Task/Job (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Discovery

    Query Registry (T1012): 4

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 3

  • Command and Control

    Web Service (T1102): 1

Tasks