Overview (score 10)

Analysis tasks (score out of 10 where the report shows one):
- Static: 10
- ValoaimV8.exe on windows11-21h2-x64: 10
- ValoaimV8.exe on ubuntu-18.04-amd64
- ValoaimV8.exe on debian-9-armhf
- ValoaimV8.exe on debian-9-mips
- ValoaimV8.exe on debian-9-mipsel
- XInput1_4.dll on windows11-21h2-x64: 1
- mfcm140u.dll on windows11-21h2-x64: 1
- mfcm140u.dll on ubuntu-18.04-amd64
- mfcm140u.dll on debian-9-armhf
- mfcm140u.dll on debian-9-mips
- mfcm140u.dll on debian-9-mipsel
- rasadhlp.dll on windows11-21h2-x64: 1
- umpdc.dll on windows11-21h2-x64: 1

General
Target: ValoaimV8.rar
Size: 7.0MB
Sample: 240420-se6s6abb57
MD5: 8cad4d2de4a7be6bdb70a9554140f1a1
SHA1: 6e9ba7b352ff16515f39acb5479636ba84b67428
SHA256: 193d9acadf1f7cb18bd295f774c644f34da72dbc10c2eccd39c858f55f320a2f
SHA512: c90d28bff2011d6748619134747e9806eedf2a321059a0ee12f8b1ffe0305970879ffef8a64c5212048cc35266a2e541fcc0f18458701c4fc03ef0151b80ec05
SSDEEP: 196608:GCdDUMZIOaN3e8iYIRlOdwxPAsfZs77AE0d8EEF7Sx:nGiIO6FiJNRctypz
Behavioral tasks (sample, resource):
- behavioral1: ValoaimV8.exe, win11-20240412-en
- behavioral2: ValoaimV8.exe, ubuntu1804-amd64-20240226-en
- behavioral3: ValoaimV8.exe, debian9-armhf-20240226-en
- behavioral4: ValoaimV8.exe, debian9-mipsbe-20240226-en
- behavioral5: ValoaimV8.exe, debian9-mipsel-20240226-en
- behavioral6: XInput1_4.dll, win11-20240412-en
- behavioral7: mfcm140u.dll, win11-20240412-en
- behavioral8: mfcm140u.dll, ubuntu1804-amd64-20240226-en
- behavioral9: mfcm140u.dll, debian9-armhf-20240226-en
- behavioral10: mfcm140u.dll, debian9-mipsbe-20240226-en
- behavioral11: mfcm140u.dll, debian9-mipsel-20240226-en
- behavioral12: rasadhlp.dll, win11-20240412-en
- behavioral13: umpdc.dll, win11-20240412-en
Malware Config

Extracted
Family: quasar
Version: 1.3.0.0
Botnet: Valorant
C2: hanekese.ddns.net:1005
Mutex: QSR_MUTEX_vjIusnIFPVRxcR2xS4
Attributes:
- encryption_key: 5V49FWeqLdk5NQWJl6h7
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: mac updater
- subdirectory: SubDir
Targets

Target: ValoaimV8.exe
Size: 20.0MB
MD5: 4ed9006d9970ee5f1ee6486cfc663ee6
SHA1: 258fbba6e43c23ad9680576cc51a7c0906387354
SHA256: 443be4b5119ad344755137062321a4f5c249e8fb95482183c21378ba93fd96bf
SHA512: 952750f7e1a1182ed69ef837b0ea053a66ef1f65d8a534a2a445a660677fc19f2eca6aa66e25e6bafedd94bbf9ccd99e3feea63b0bbd8a36d8683f67c2c63daa
SSDEEP: 98304:zrcxzdbM+Q2y+aq0mGRk2jOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbQEJ1nL2hS:zrcbf0mPEOjmFQR4MVGFtwLPCnL2hVcr
Signatures:
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Target: XInput1_4.dll
Size: 44KB
MD5: 3b38601c450d38f14bd9ee43eb1e64f5
SHA1: 00fe510eecd4f31fcefa4c962c1db2146e23bfb8
SHA256: cc119f987bf33731fcd22c3a9bbcc675f31d80593a4c26428b363d6eedef974b
SHA512: ec915169daefa85383ca2a0cf842231bd5d4ab3453f354280065ff4e1766deea56d07ab56a0b7bfa3d02ce939600fcda70af64f73f8e3fbf778b9d4ba187a644
SSDEEP: 768:PxImrwYzySuuBTaPTBL55vjCF9nkKw5WGKwxhkdX7bI:JbcYT+F5J0+B5WGKwMdX7bI
Score: 1/10
Target: mfcm140u.dll
Size: 94KB
MD5: ab035545e809e5e7c8cd9cd44b89f64b
SHA1: b869df48596cd753fea7dc5a2bec0ea80d70b390
SHA256: 71dd9c15438bc082c56d320cbcb34a7cef366884a95fcbb18b9f6b6dd2b0291f
SHA512: ddeb7713d500a921fdbc969cac0988abde7d9ba5ebc16a349a473ee3beb8110eba23620b766dd8ed94d87e6dad15be40a5c9433bf88d48faec24b42399683412
SSDEEP: 1536:OnKBn5WzzDxSVM5yj64+JGY0swu7fpbjMLuZOzlx+z2JBwaa+zNM:DBszDxSVM5664+JGY0st3MaZueCtBM
Score: 1/10
Target: rasadhlp.dll
Size: 17KB
MD5: 339501f87253fc863acede45ee251f75
SHA1: c51a9ba91d05fc12f7cda33bdb160186d21d123c
SHA256: 81a4eecae1d6be831a6a720fdab12095cc5ce009798b551de802252a44dad425
SHA512: 246eb46bd457a8b91d9a84b607a4c197ade81cc9d79920785c801f1405b2d05d3769e74bae56046697806668e6e82991187f024c122cbf341715b98bcd1e3941
SSDEEP: 192:5/q7AhoBPt+AJHBefST3TPpTG67lQupK6ZmfDMZTmQBoyEtq6vaeqWpYW:M5Pt3JhYUnXolqIqWpYW
Score: 1/10
Target: umpdc.dll
Size: 64KB
MD5: c836a39340a6981ff4ee71e8903df93b
SHA1: f17a1e567fdc6ccec0333f4cdc64c1a4ce4a0948
SHA256: 52149a7fee76e2022a8b71467b512073c0ac3b10ac763f232adfb38f69ae057c
SHA512: 1e1498f8c8923ccd4c6e9b80947a18ba11aa8633d9be3a32ce91839346397e2074636424ad23f439d6b2fa55a567c8933ceb81b1b4047a2a7c22ac9cff24bb2e
SSDEEP: 1536:xMwE8iBRdHEZvGD1+q6J0tUobNbBPUQSGcNP19zl:qzRdkZvGD1+q6UUobNbBcQSGwt9B
Score: 1/10