General
Target: Loader.exe
Size: 25.9MB
Sample: 240428-2rae6abd9w
MD5: 782550d7758ae90927c850481938a784
SHA1: ec22beb95436c052dc7ae7d9acf227a96bb005bc
SHA256: a3f7f2ee70b5d3b3e04bfa55949327cb2699aa454f22011bb824ebb5a26fdbf9
SHA512: 091400ef702f9f6ba2025cb6736833ebe119c91bf9d68b4f3bcf4428266bba63e1368a9aeca6c283795eacdbfeda98e1e33b5c4a935ecd52c6e2a9ccd653c757
SSDEEP: 393216:dPWf2uN+JP8PwyqqHwkeY3HnFwKlY3+DbkU0bUf4fetjhoynGycGhuVretCwLzvb:dPDGqqHwkx2K23+DuUwfyj9b5Uvqb
Static task: static1
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet/tag: spoofer
C2: 192.168.1.9:4782
C2: 47.13.251.179:4782
Note: 192.168.1.9 is a private RFC 1918 address (most likely the operator's own test host), so 47.13.251.179:4782 is the only C2 indicator that is usable outside that LAN; the private address still matters for host-side hunting on an infected machine.
Mutex: a3394281-6ed5-43a7-afb3-ef307491a25e
Attributes:
encryption_key: 1D21D2117C53149BFE9297D912388D2A8EE0417B
install_name: Graphics.exe
log_directory: l
reconnect_delay: 3000 (milliseconds)
startup_key: AMD
subdirectory: AMD
Targets
Target: Loader.exe
Size: 25.9MB
Hashes: identical to the General section above (MD5 782550d7758ae90927c850481938a784, SHA256 a3f7f2ee70b5d3b3e04bfa55949327cb2699aa454f22011bb824ebb5a26fdbf9).
Signatures
- Quasar payload
- XMRig Miner payload
- Creates new service(s)
- Drops file in Drivers directory
- Stops running service(s)
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
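The extracted Quasar configuration and the behaviour signatures above translate directly into host-hunting indicators. The script below is an added example (it is not Triage output and not part of this report): it derives IOCs from the config values on this page, splits the C2 list into externally blockable and private addresses, and evaluates a few constructed Sysmon-style telemetry events against the listed behaviours. Assumptions not stated on the page: the registry value behind "Checks computer location settings" is taken to be HKEY_CURRENT_USER\Control Panel\International\Geo\Nation, the event schema is invented, and the install base directory is unknown (the config gives only the AMD subdirectory and Graphics.exe name), so the path check matches on that tail only.

```python
"""Hunt helper derived from the Quasar config and signatures in this report.
Added example, not sandbox output. The telemetry events are constructed and
the Geo\\Nation registry path is an assumption about what the
"Checks computer location settings" signature refers to."""
import ipaddress

# Values copied from the extracted Quasar config above.
QUASAR_CONFIG = {
    "c2": ["192.168.1.9:4782", "47.13.251.179:4782"],
    "mutex": "a3394281-6ed5-43a7-afb3-ef307491a25e",
    "install_name": "Graphics.exe",
    "startup_key": "AMD",
    "subdirectory": "AMD",
}

# ASSUMPTION: the per-user country-code value the geofence signature refers to.
GEO_NATION_KEY = r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"


def split_c2(entries):
    """Split host:port C2 entries into (public, private) lists of (host, port).
    192.168.1.9 is RFC 1918: a perimeter block for it is pure noise, but it is
    still worth matching in host telemetry from an infected machine."""
    public, private = [], []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ip = ipaddress.ip_address(host)
        (private if ip.is_private else public).append((host, int(port)))
    return public, private


def classify_event(ev, cfg):
    """Return the names of report signatures / IOCs that one event matches."""
    hits = []
    t = ev["type"]
    if t == "network":
        public, private = split_c2(cfg["c2"])
        pair = (ev["dst_ip"], ev["dst_port"])
        if pair in public:
            hits.append("quasar_c2_public")
        elif pair in private:
            hits.append("quasar_c2_private_lan")
    elif t == "process":
        # Base install directory is not in the config, so match only the tail.
        img = ev["image"].replace("/", "\\").lower()
        tail = "\\" + cfg["subdirectory"].lower() + "\\" + cfg["install_name"].lower()
        if img.endswith(tail):
            hits.append("quasar_install_path")
    elif t == "registry_set":
        # startup_key is the value name Quasar writes under the Run key.
        if ev["key"].lower().endswith("\\currentversion\\run") and ev["value"] == cfg["startup_key"]:
            hits.append("quasar_run_key")
    elif t == "registry_query":
        if ev["key"].lower() == GEO_NATION_KEY.lower():
            hits.append("geofence_country_lookup")
    elif t == "mutex":
        # endswith tolerates a Global\ or Local\ namespace prefix.
        if ev["name"].lower().endswith(cfg["mutex"].lower()):
            hits.append("quasar_mutex")
    elif t == "file_create":
        p = ev["path"].lower().replace("/", "\\")
        if "\\system32\\drivers\\" in p:
            hits.append("drops_file_in_drivers_dir")
        elif "\\system32\\" in p:
            hits.append("drops_file_in_system32")
    elif t == "service_create":
        hits.append("creates_new_service")
    return hits


def hunt(events, cfg=QUASAR_CONFIG):
    """Aggregate matching events per signature name for one host."""
    summary = {}
    for ev in events:
        for h in classify_event(ev, cfg):
            summary.setdefault(h, []).append(ev)
    return summary


# Constructed sample telemetry (simplified, Sysmon-like); not from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\bob\AppData\Roaming\AMD\Graphics.exe"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "AMD"},
    {"type": "registry_query", "key": GEO_NATION_KEY},
    {"type": "network", "dst_ip": "47.13.251.179", "dst_port": 4782},
    {"type": "network", "dst_ip": "192.168.1.9", "dst_port": 4782},
    {"type": "network", "dst_ip": "13.107.4.50", "dst_port": 443},  # benign noise
    {"type": "mutex", "name": "a3394281-6ed5-43a7-afb3-ef307491a25e"},
    {"type": "service_create", "name": "example"},
    {"type": "file_create", "path": r"C:\Windows\System32\drivers\example.sys"},
]

if __name__ == "__main__":
    for name, evs in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Feed it real Sysmon or EDR events normalised to the same small schema; the public/private split is the part most often skipped in practice, and it is what keeps a LAN test address out of a firewall blocklist while still catching it on the endpoint.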
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (T1543): 2, of which Windows Service (T1543.003): 2
- Scheduled Task/Job (T1053): 1
Privilege Escalation
- Create or Modify System Process (T1543): 2, of which Windows Service (T1543.003): 2
- Scheduled Task/Job (T1053): 1