Overview

overview

10

Static

static

10

Driver.dll

windows11-21h2-x64

1

SlottedAimV2.exe

windows11-21h2-x64

10

mciavi32.dll

windows11-21h2-x64

1

spwizimg.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SlottedAimV2.rar

  • Size

    7.1MB

  • Sample

    240420-sdggwabb26

  • MD5

    04b4440a4dd4c687a388d993c0be18b7

  • SHA1

    3f363a3d4c04bde4609168336033bbdcd5555bd5

  • SHA256

    1cdd2cd88644b2d634ac27b95031bddcbb69479bf6bdd090a2257e40132a69c2

  • SHA512

    7f72cef7397380ba583c4034de5f10e42e1d40c268b82f63e3d17e85e2a8c1b498665be6f9235031ed3dc3f8efb2114982ef513bee79b49c743a61f98a384cc8

  • SSDEEP

    98304:LtIGDf639tvIF2/rvPzRrHY5rjoMQeYqolZIed277vRtf323r85zQ65gBB9UBr+U:LJII2rvbZHYibeYqolZIl7vRpn1RoU6S

Score
10/10
blankgrabberquasarfortnitespywarestealertrojanupx

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

FORTNITE

C2

hanekese.ddns.net:1005

Mutex

QSR_MUTEX_uKpgto5HxTzlVefHo9

Attributes
  • encryption_key

    RayN5IunUgPITKqRBUZA

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    mac updater

  • subdirectory

    SubDir

Targets

    • Target

      Driver.dll

    • Size

      242KB

    • MD5

      9a41f2a54a2fa0b81b2511e32e914f2c

    • SHA1

      3276c4d7be73019a6a7fe8e218a98228ac930ce4

    • SHA256

      3cc04edaa12d7feed849f1b88e10d49b948b1ef2a62e197ac35d41e5b35dbfcc

    • SHA512

      8fd80dc238b3d8d75797720dc6117ff41b7064804ee243bc3e5d5c847c20856a22b30d9ed579aa1b565fc57c65bd138d913069a26cb71a93b0134b77df36dc27

    • SSDEEP

      3072:2QaHp8CKxa1Kd0B7itS5jWqJgvFmtPb9WxBvk4rFTbRL2LP/jWoF3tK8cDL6v51y:2QFPxm5BetSEqJgtibSs4HvD4YQ

    Score
    1/10
    behavioral1

    • Target

      SlottedAimV2.exe

    • Size

      7.0MB

    • MD5

      decace854bd66eba96581505cbb1f785

    • SHA1

      dfd6824e2db3a2ebb89208f0e5f69e6cc1661da6

    • SHA256

      ebbdf48aafe6c046eca7512a4e764629559392147518fdf2917751a891bfcd5d

    • SHA512

      e55f8afc9a36913aaa24932a94b82100a53accd4f5d8865fc207c9b50c607efa259115d53d5926e0b45c99c0b9dece02996a6b8db5d365af122ccbcdd69823c8

    • SSDEEP

      196608:WrSUf0qyleOjmFQR4MVGFtwLPCnL2hVcL:PVXKtM5LPCGcL

    Score
    10/10
    quasarfortnitespywarestealertrojanupx

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral2

    • Target

      mciavi32.dll

    • Size

      101KB

    • MD5

      e9944f49dfaa4d580ddfbd676d61d397

    • SHA1

      6f9e0bfec72657355ee400c71668779ee41b5ba6

    • SHA256

      30317e32d7f5e36ad2674353a198f5b2760ff121c40cc0cf11be0cf9729fadb5

    • SHA512

      fd494ad6aa5520e3e115cc5104882aa9922ecb181e61a03969aad73273ffa6cd8c0269994e0eec8676b41d2a7832db722d51b5e0bce9c7a7ed8d11b5330a289b

    • SSDEEP

      1536:4bfvWWJHxioRuscmoKKHeH8vQINmgZUg4nP8lNM3t3qs7SO2xjlyGp8w:4rWmsscmoKgDQInYXt3qsHSJyS8w

    Score
    1/10
    behavioral3

    • Target

      spwizimg.dll

    • Size

      5.6MB

    • MD5

      6259c2ebf8f1b15c4b075e413bf32598

    • SHA1

      80ef443ed0dc3c93476b7a0edfa0fd76f2baa50a

    • SHA256

      b206630e0c06b9bea1809d80b9f2601ee417857e7c8a22c1854e30c08ea744e1

    • SHA512

      ecab9c71e95dcf2463490f34a2a66f5e9353b4be9af888f30b4e93520b4fa5a6a8fac5e69f84efeb88e195758d951cba8e36c9957eef261f4f9fb063bb04e395

    • SSDEEP

      3072:OtsxIS9L+rz5iG7aB+H+Yge19NT6lBc/0yY+wcE9rCbpxTNX5vNRZWyXzyKblUuB:O6xISpQiG7aBMjNxTNX5vZ

    Score
    1/10
    behavioral4

MITRE ATT&CK Enterprise v15

Tasks