General

  • Target

    vir.exe

  • Size

    36.9MB

  • Sample

    240524-ac9sxseb6x

  • MD5

    2d4e021175d1b6bbee51be15e9bec384

  • SHA1

    24256916b2c654a4c9055f0e1e6fe423654310f0

  • SHA256

    cb9036f98e1865c5b9d4a82f76fc60176bf6353ee3e1a41d72c198bf992cd19d

  • SHA512

    cbbf62fa974781192db459c546b5cd575d59ec528e04a63a8f7d8eb3fabec810ddef5c41d854aac4633fea0a36129b1a263540b38d0f77594799aa5af90d448d

  • SSDEEP

    786432:J4RerlLa3nbEwrkACTe6YQbjGEhM6XHXkvj:aulW3bEoALHUr

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      vir.exe

    • Size

      36.9MB

    • MD5

      2d4e021175d1b6bbee51be15e9bec384

    • SHA1

      24256916b2c654a4c9055f0e1e6fe423654310f0

    • SHA256

      cb9036f98e1865c5b9d4a82f76fc60176bf6353ee3e1a41d72c198bf992cd19d

    • SHA512

      cbbf62fa974781192db459c546b5cd575d59ec528e04a63a8f7d8eb3fabec810ddef5c41d854aac4633fea0a36129b1a263540b38d0f77594799aa5af90d448d

    • SSDEEP

      786432:J4RerlLa3nbEwrkACTe6YQbjGEhM6XHXkvj:aulW3bEoALHUr

    Score
    7/10
    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    System Information Discovery: T1082 (2)

    Query Registry: T1012 (1)

Tasks