General

  • Target

    SeroXen Launcher.exe

  • Size

    787KB

  • Sample

    240515-1s8hxaea3x

  • MD5

    17db30a8534b23522fd78de47c0dcb0e

  • SHA1

    54090b4efef19f75920d4d4777a540949291915e

  • SHA256

    e5429c4ca6a72ebefb61fd3da470a2f8aea6b82cbbeb495834e3d376ce06f878

  • SHA512

    33b9481f07fe4341f7ad527379570018ff8bf6d8c6a4a5b8cc42b128d7ecbfe16462a8c437d139a37335211d1a0f1b4c0afea216b2a6cfcb7cd30bed76a971de

  • SSDEEP

    12288:OTzmTxA8/CRrETd9n0B0r90X31CW2GvdwaAElhB8X3v/0qjegZD94Vx1WCaTs:UjZ4Z0B2ClyadnB8X3v/0qjeqx2TWCd

Malware Config

Extracted

  • Family

    quasar

  • Version

    3.1.5

  • Botnet

    SeroXen

  • C2

    even-lemon.gl.at.ply.gg:33587

  • Mutex

    $Sxr-saP4G4ZSqv4MBoKbNC

Attributes

  • encryption_key

    VKNoex1bjxGlbI08GaQD

  • install_name

    $sxr-powershell.exe

  • log_directory

    $SXR-KEYLOGS

  • reconnect_delay

    3000

  • startup_key

    $sxr-powershell

  • subdirectory

    $sxr-seroxen2

Targets

    • Target

      SeroXen Launcher.exe

    • Size

      787KB

    • MD5

      17db30a8534b23522fd78de47c0dcb0e

    • SHA1

      54090b4efef19f75920d4d4777a540949291915e

    • SHA256

      e5429c4ca6a72ebefb61fd3da470a2f8aea6b82cbbeb495834e3d376ce06f878

    • SHA512

      33b9481f07fe4341f7ad527379570018ff8bf6d8c6a4a5b8cc42b128d7ecbfe16462a8c437d139a37335211d1a0f1b4c0afea216b2a6cfcb7cd30bed76a971de

    • SSDEEP

      12288:OTzmTxA8/CRrETd9n0B0r90X31CW2GvdwaAElhB8X3v/0qjegZD94Vx1WCaTs:UjZ4Z0B2ClyadnB8X3v/0qjeqx2TWCd

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks