blankgrabber | 193d9acadf1f7cb18bd295f774c644f34da72dbc10c2eccd39c858f55f320a2f

Sharing

Copy URL

Twitter E-mail

General

Target

ValoaimV8.rar
Size

7.0MB
Sample

240420-se6s6abb57
MD5

8cad4d2de4a7be6bdb70a9554140f1a1
SHA1

6e9ba7b352ff16515f39acb5479636ba84b67428
SHA256

193d9acadf1f7cb18bd295f774c644f34da72dbc10c2eccd39c858f55f320a2f
SHA512

c90d28bff2011d6748619134747e9806eedf2a321059a0ee12f8b1ffe0305970879ffef8a64c5212048cc35266a2e541fcc0f18458701c4fc03ef0151b80ec05
SSDEEP

196608:GCdDUMZIOaN3e8iYIRlOdwxPAsfZs77AE0d8EEF7Sx:nGiIO6FiJNRctypz

Score

10^/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Valorant

hanekese.ddns.net:1005

Mutex

QSR_MUTEX_vjIusnIFPVRxcR2xS4

Attributes

encryption_key
5V49FWeqLdk5NQWJl6h7
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
mac updater
subdirectory
SubDir

Targets

- Target
  
  ValoaimV8.exe
- Size
  
  20.0MB
- MD5
  
  4ed9006d9970ee5f1ee6486cfc663ee6
- SHA1
  
  258fbba6e43c23ad9680576cc51a7c0906387354
- SHA256
  
  443be4b5119ad344755137062321a4f5c249e8fb95482183c21378ba93fd96bf
- SHA512
  
  952750f7e1a1182ed69ef837b0ea053a66ef1f65d8a534a2a445a660677fc19f2eca6aa66e25e6bafedd94bbf9ccd99e3feea63b0bbd8a36d8683f67c2c63daa
- SSDEEP
  
  98304:zrcxzdbM+Q2y+aq0mGRk2jOjFgFQlwq4Mjk+dBZtu9xTtwz/aer6/BbQEJ1nL2hS:zrcbf0mPEOjmFQR4MVGFtwLPCnL2hVcr
Score

10^/10

quasar valorant spyware stealer trojan upx
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5
- Target
  
  XInput1_4.dll
- Size
  
  44KB
- MD5
  
  3b38601c450d38f14bd9ee43eb1e64f5
- SHA1
  
  00fe510eecd4f31fcefa4c962c1db2146e23bfb8
- SHA256
  
  cc119f987bf33731fcd22c3a9bbcc675f31d80593a4c26428b363d6eedef974b
- SHA512
  
  ec915169daefa85383ca2a0cf842231bd5d4ab3453f354280065ff4e1766deea56d07ab56a0b7bfa3d02ce939600fcda70af64f73f8e3fbf778b9d4ba187a644
- SSDEEP
  
  768:PxImrwYzySuuBTaPTBL55vjCF9nkKw5WGKwxhkdX7bI:JbcYT+F5J0+B5WGKwMdX7bI
Score

1^/10
behavioral6
- Target
  
  mfcm140u.dll
- Size
  
  94KB
- MD5
  
  ab035545e809e5e7c8cd9cd44b89f64b
- SHA1
  
  b869df48596cd753fea7dc5a2bec0ea80d70b390
- SHA256
  
  71dd9c15438bc082c56d320cbcb34a7cef366884a95fcbb18b9f6b6dd2b0291f
- SHA512
  
  ddeb7713d500a921fdbc969cac0988abde7d9ba5ebc16a349a473ee3beb8110eba23620b766dd8ed94d87e6dad15be40a5c9433bf88d48faec24b42399683412
- SSDEEP
  
  1536:OnKBn5WzzDxSVM5yj64+JGY0swu7fpbjMLuZOzlx+z2JBwaa+zNM:DBszDxSVM5664+JGY0st3MaZueCtBM
Score

1^/10
behavioral10 behavioral11 behavioral7 behavioral8 behavioral9
- Target
  
  rasadhlp.dll
- Size
  
  17KB
- MD5
  
  339501f87253fc863acede45ee251f75
- SHA1
  
  c51a9ba91d05fc12f7cda33bdb160186d21d123c
- SHA256
  
  81a4eecae1d6be831a6a720fdab12095cc5ce009798b551de802252a44dad425
- SHA512
  
  246eb46bd457a8b91d9a84b607a4c197ade81cc9d79920785c801f1405b2d05d3769e74bae56046697806668e6e82991187f024c122cbf341715b98bcd1e3941
- SSDEEP
  
  192:5/q7AhoBPt+AJHBefST3TPpTG67lQupK6ZmfDMZTmQBoyEtq6vaeqWpYW:M5Pt3JhYUnXolqIqWpYW
Score

1^/10
behavioral12
- Target
  
  umpdc.dll
- Size
  
  64KB
- MD5
  
  c836a39340a6981ff4ee71e8903df93b
- SHA1
  
  f17a1e567fdc6ccec0333f4cdc64c1a4ce4a0948
- SHA256
  
  52149a7fee76e2022a8b71467b512073c0ac3b10ac763f232adfb38f69ae057c
- SHA512
  
  1e1498f8c8923ccd4c6e9b80947a18ba11aa8633d9be3a32ce91839346397e2074636424ad23f439d6b2fa55a567c8933ceb81b1b4047a2a7c22ac9cff24bb2e
- SSDEEP
  
  1536:xMwE8iBRdHEZvGD1+q6J0tUobNbBPUQSGcNP19zl:qzRdkZvGD1+q6UUobNbBcQSGwt9B
Score

1^/10
behavioral13

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Quasar RAT

Quasar payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13