General

  • Target

    a10dcc9d7a81791fe288bbe58ad046e3

  • Size

    1.2MB

  • Sample

    240224-f4e1hsbd6x

  • MD5

    a10dcc9d7a81791fe288bbe58ad046e3

  • SHA1

    3f0d0ffa580f8c504fe75ed3f295621d2c0a17fc

  • SHA256

    97f8c59bc4de919eb1cd0530cb96ab278e81330f893224aea145514e47f4d097

  • SHA512

    921d89eb070e687921e35160289fdfb53edef0c96201482f80bf4124496f3c5d9a56f6183f67d2309f78e07194571aafa5051adf57f8d128713a538c4e8d1b8f

  • SSDEEP

    24576:ko2A4d+A+d/axWtr0sa5Qyajklxmwx58rK/NJKao5:zb3BJaxery5QyayxXz8mJKl

Score
10/10

Malware Config

Targets

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender capabilities such as real-time monitoring, block at first sight, etc.

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
