General

  • Target

    InfinityBETA.V2.exe

  • Size

    3.1MB

  • Sample

    240518-ll2dpadf32

  • MD5

    1b84762faebd8469f686f703cbaef7b9

  • SHA1

    41e135a8a2a9525e09a2303055430e36d95780cd

  • SHA256

    4b857bc454edef7fa460fecb36f676fa38bab8b3304f3f07d12b9777fa0b68cb

  • SHA512

    da9482a2ef6fbe659afff4c5a0d1911145bb93be47dd5a714e4e1c24802f1e9d9669f5a209665a7da752e56d2c82c41e48c5bd951d26a2cd763fc8a62d4e703c

  • SSDEEP

    49152:PvylL26AaNeWgPhlmVqvMQ7XSKO1RboGreTHHB72eh2NT:PvqL26AaNeWgPhlmVqkQ7XSKO1l

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    PoofNRico

  • C2

    nahchris-49021.portmap.host:49021

  • Mutex

    1a5d095f-2c59-4b3f-b053-5bd928b2e541

Attributes

  • encryption_key

    ADBAB4BC16998E7E1913E54C27829FE47C72BE6D

  • install_name

    PlutoBETAv2.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    DiscordUpdater.exe

  • subdirectory

    PlutoBETAv2

Targets

    • Target

      InfinityBETA.V2.exe

    • Size

      3.1MB

    • MD5

      1b84762faebd8469f686f703cbaef7b9

    • SHA1

      41e135a8a2a9525e09a2303055430e36d95780cd

    • SHA256

      4b857bc454edef7fa460fecb36f676fa38bab8b3304f3f07d12b9777fa0b68cb

    • SHA512

      da9482a2ef6fbe659afff4c5a0d1911145bb93be47dd5a714e4e1c24802f1e9d9669f5a209665a7da752e56d2c82c41e48c5bd951d26a2cd763fc8a62d4e703c

    • SSDEEP

      49152:PvylL26AaNeWgPhlmVqvMQ7XSKO1RboGreTHHB72eh2NT:PvqL26AaNeWgPhlmVqkQ7XSKO1l

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job

    T1053 (1)

Persistence

  • Scheduled Task/Job

    T1053 (1)

Privilege Escalation

  • Scheduled Task/Job

    T1053 (1)

Discovery

  • Query Registry

    T1012 (2)

  • Peripheral Device Discovery

    T1120 (1)

  • System Information Discovery

    T1082 (1)

Tasks