Resubmissions

21-04-2024 01:41

240421-b4jlgsga9w 10

21-04-2024 01:20

240421-bqc7jsfc53 10

General

  • Target

    Uni.bat

  • Size

    1.8MB

  • Sample

    240421-b4jlgsga9w

  • MD5

    14516087f9549022d5582272910428b1

  • SHA1

    53324370839fa1c07bfa42cf7cb3039513805d42

  • SHA256

    745517dc1c6f989b9882959b31d34621c3a25dde79054f29ff6d7539a603ea3e

  • SHA512

    cda051bfe205763fe10c9b6970e3b56c4a6044d42d30c8f5ff1b722318c3b69aa1e86c898f4cb70d6e9c4846db8701e7c85b31c4356bf88ca1a8915bb2e0250f

  • SSDEEP

    24576:Kn1j2//LtzVBqLoCQw/376Fx2S6aryOdijwog7h66zQIG9GcQ0clANNPny:KdMW+wf+UAwIvczy

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    SLAVE

  • C2

    uk2.localto.net:39077

  • Mutex

    cc0a2b76-665e-4e16-b318-5ee02270fbcd

Attributes
  • encryption_key

    D7F09F1F0B9CECC640BA0B3D8975FBE5CED725B5

  • install_name

    UpdateHost.exe

  • log_directory

    Error Logs

  • reconnect_delay

    3000

  • startup_key

    WOS64

  • subdirectory

    Windows

Targets

    • Target

      Uni.bat

    • Size

      1.8MB

    • MD5

      14516087f9549022d5582272910428b1

    • SHA1

      53324370839fa1c07bfa42cf7cb3039513805d42

    • SHA256

      745517dc1c6f989b9882959b31d34621c3a25dde79054f29ff6d7539a603ea3e

    • SHA512

      cda051bfe205763fe10c9b6970e3b56c4a6044d42d30c8f5ff1b722318c3b69aa1e86c898f4cb70d6e9c4846db8701e7c85b31c4356bf88ca1a8915bb2e0250f

    • SSDEEP

      24576:Kn1j2//LtzVBqLoCQw/376Fx2S6aryOdijwog7h66zQIG9GcQ0clANNPny:KdMW+wf+UAwIvczy

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Execution

  • Scheduled Task/Job (1)  T1053

Persistence

  • Scheduled Task/Job (1)  T1053

Privilege Escalation

  • Scheduled Task/Job (1)  T1053

Discovery

  • Query Registry (2)  T1012

  • System Information Discovery (2)  T1082

Tasks