Resubmissions

25/02/2024, 15:14

240225-smdscaed63 10

25/02/2024, 15:12

240225-slchwsfc5z 4

General

  • Target

    Ez-bypasser[2].bat

  • Size

    15.0MB

  • Sample

    240225-smdscaed63

  • MD5

    975cfd979fcda6c10572700beab9040e

  • SHA1

    a8914c95cfdbccd1ae5fb9ada515916b1b13a60b

  • SHA256

    2fc2779f7a030369ac3ec71315b98bc054026e83e8be0a4ee2360753c817fea1

  • SHA512

    cae827a8fc4ebc8b4db8b072092e48422db46d882a7bea86d8b7d771f35e25411b51c636227b88b766b00b2bb4c2a535ef46c7a72a964af4fd7a30c3bc5c4036

  • SSDEEP

    49152:JU2JSZCYCzcB+iYA8nT+ptpFcvhVX26MXKeyFl4L7BN25GuKrYrs476pPPWP9Y4Q:U

Score
10/10

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      Ez-bypasser[2].bat

    Score
    10/10
    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE
