General

  • Target

    Fix-obf.bat

  • Size

    24KB

  • Sample

    240512-xtny4seg22

  • MD5

    f5309c94ee64f81d31a70a0f40e94cf9

  • SHA1

    906f9f8557ccaef4d911d4274384493bfcc07c8f

  • SHA256

    56dc2b78268152ae625035e026b5e43c269c9e440cbe1015f840200ee2cd4d6a

  • SHA512

    0a58546adab1abebd91c294c127e655db059559a385d26d495ee945caa071fbe878c80dc8269afca2baaa93477cbbeef496a293caac6ac1d88016f7a51756de2

  • SSDEEP

    384:UH02YgJBHbbQzpSLXNR8uWc5wu+ChsaguUvT27jxixHlLQ1vyk0dC:OyQHbbmpK9muWc5wu+ChstuUvyhi7k3

Malware Config

Targets

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks