Overview

overview

10

Static

static

10

ZebraObfuscator.exe

windows10-1703-x64

10

ZebraObfuscator.exe

windows10-2004-x64

10

ZebraObfuscator.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZebraObfuscator.exe

  • Size

    3.1MB

  • Sample

    240519-2d6ansea8s

  • MD5

    a98be80edea7fa660fc36b2702ad262b

  • SHA1

    b18b3cada82a61bfbb1ed5d56550223ce0d10fe2

  • SHA256

    2acce0fae72f9e23576cc9826106695c4d168cb010927ec45fd404af32db9d0a

  • SHA512

    82d7090d044f4bfc2f0993b4fec70b11d0a16364d8c1a764418d95845ae7f67647a800040ea2e8405d0b836eab62f2fe171a420ebafd548d52decec4cae42c4a

  • SSDEEP

    49152:TvEI22SsaNYfdPBldt698dBcjHi0iUuBeYuocdkhRoTHHB72eh2NT:Tvp22SsaNYfdPBldt6+dBcjHi5UzG

Score
10/10
quasarobfuscatorspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Obfuscator

C2

even-lemon.gl.at.ply.gg:33587

Mutex

1272508c-0529-4a9c-ae6e-b9fe2c597a25

Attributes
  • encryption_key

    2695178836BA12133DD75A122E23A754EAD78C5F

  • install_name

    $sxr-powershell.exe

  • log_directory

    Windows

  • reconnect_delay

    3000

  • startup_key

    Powershell

  • subdirectory

    $sxr-seroxen2

Targets

    • Target

      ZebraObfuscator.exe

    • Size

      3.1MB

    • MD5

      a98be80edea7fa660fc36b2702ad262b

    • SHA1

      b18b3cada82a61bfbb1ed5d56550223ce0d10fe2

    • SHA256

      2acce0fae72f9e23576cc9826106695c4d168cb010927ec45fd404af32db9d0a

    • SHA512

      82d7090d044f4bfc2f0993b4fec70b11d0a16364d8c1a764418d95845ae7f67647a800040ea2e8405d0b836eab62f2fe171a420ebafd548d52decec4cae42c4a

    • SSDEEP

      49152:TvEI22SsaNYfdPBldt698dBcjHi0iUuBeYuocdkhRoTHHB72eh2NT:Tvp22SsaNYfdPBldt6+dBcjHi5UzG

    Score
    10/10
    quasarobfuscatorspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks