Extracted

• • Target

    uni.bat

  • Size

    15.5MB

  • MD5

    180cabfef9e517bf8a30eaf917fb06ca

  • SHA1

    d47987045a7f1888b9a2a8c0159b5bd2c9d79274

  • SHA256

    fe831f43955da5cacbdf9eb8331cb62907141cb0f566b53e5a5f222fe30ee78c

  • SHA512

    91fed14301919d6a0514dd843e6ffaae07fc538199644f4c9033a3ef717a65974ba940ae6646fd4289c614138adbd385b3706169b1754cd8d5b9ef04891f91bb

  • SSDEEP

    49152:mcIdr0nn+8BsYSVa+P+J0XCCeRWpsKlP7k7o6SwofCLl7w+i2+SpQf86Gtpek1GI:1

  Score

  10^/10

  quasarexecutionspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1