Extracted

• • Target

    Bloxstrap.exe

  • Size

    7.6MB

  • MD5

    dbb820772caf0003967ef0f269fbdeb1

  • SHA1

    31992bd4977a7dfeba67537a2da6c9ca64bc304c

  • SHA256

    b2ac1e407ed3ecd7c7faa6de929a68fb51145662cf793c40b69eb59295bba6bc

  • SHA512

    e8ac879c7198dffb78bc6ee4ad49b5de40a5a7dbbda53d427d0a034941487d13c8bb2b8d590a1fcdd81cd6abb8f21fdfcd52924eb00c45a42ee06c1e4b3d590f

  • SSDEEP

    98304:XNd5DSd5DxTsed5D2ZT00UuOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTl1:X+sdtObAbN0u

  Score

  10^/10

  quasaroffice04spywarestealertrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2