General

  • Target

    vir.exe

  • Size

    311.5MB

  • Sample

    240524-1q2mkscd71

  • MD5

    eb9490492b00c4f14cf133acf95edfe4

  • SHA1

    1d903edafd1429d1554d5b4298496f96129e388b

  • SHA256

    f0025dabe2f4c075dbe09bc534dbe94939d0ae6d45ee4450ec7943fa36fb09cc

  • SHA512

    175f1da82762237282390a3dc1be3164c81b3416514b2bfd16eb1b51e50a9bbabce809baf5f68dad6720df73d5bbedc736999597063ebb9070396cb910d98b72

  • SSDEEP

    6291456:Y2qVJw+odBeWFv1k4R4b0ewZkhT4ofHwJjvZDQPf2tLSkHldHVeVM:rr+WeSWgfecGT4RjvqP85TAK

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets


    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Command and Scripting Interpreter (T1059): 1

  • Discovery

    Process Discovery (T1057): 1

    System Information Discovery (T1082): 1

    Remote System Discovery (T1018): 1

Tasks