General
-
Target
Uni.bat
-
Size
5.1MB
-
Sample
240323-ydlpgsdh9x
-
MD5
23437e2baad94ab4255396007b06b3eb
-
SHA1
ebd04f77aa36f67a48e855601e31424b4547228d
-
SHA256
376ecc6bbf3db6782f5548c1d58c5c1a72146f684f395fa6e40253db10834546
-
SHA512
5d888ba40f8c63a1e8e18f8c152d5ed6aca400455982ee615712dff80ba4fbe719c86c6b7a44227275548cbff75cc23326902b9b2c9c4fa8e9ccb26c89f83589
-
SSDEEP
24576:bQcksZhAsxYu9bEUt4Qa1CFQa5Z4tp5ljbjvGr2BBgfretKRxMp+hrQB0eJM2a8V:kSbESV0MFJnGRfrnQwsxZLHC
Static task
static1
Behavioral task
behavioral1
Sample
Uni.bat
Resource
win7-20240221-en
Malware Config
Extracted
quasar
1.4.1
Slave
140.238.91.110:34353
25ab9d56-6ef2-47d3-99aa-2142fbcd41fa
-
encryption_key
8E710985199C6BF86CCE90DA92448A36E2F45F51
-
install_name
XWormV5.6.exe
-
log_directory
WindowsUPDLogs
-
reconnect_delay
3000
-
startup_key
Windows BIOS Update Checker
-
subdirectory
SubDir
Targets
-
-
Target
Uni.bat
-
Quasar payload
-
Executes dropped EXE
-
Drops file in System32 directory
-