Extracted

Extracted

• • Target

    vir.exe

  • Size

    36.2MB

  • MD5

    b264bf0492e3370ceda89b4163ec4fce

  • SHA1

    3999871b86399e8e7f00b7f07337eb33c36b2da0

  • SHA256

    5fcd371bdff34f9ac235a59e3b3f82c45638f94d144674cce9befe28c1d74edd

  • SHA512

    6cc45147128c5361c42a4f7bf111c8a76cf0b9a6a57a4fe56e8916e550d8c8bba987e7aee2db338c39bdd0f3ce7d0115bb8f1e578ea8eb5b1d300c986b1613ff

  • SSDEEP

    786432:a4RerlLa3nwEwrkACTe6YQbjGEhM67HXkvj:XulW3wEoA3HUr

  Score

  10^/10

  quasarromkadiscoveryevasionexecutionpersistencespywarestealertrojanupx

  • Modifies WinLogon for persistence

    persistence

  • Modifies visibility of file extensions in Explorer

    evasion

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  behavioral1