Extracted

• • Target

    ANTIVIRUS.exe

  • Size

    8.5MB

  • MD5

    009ec84b4590da80afb68b6fa05f0321

  • SHA1

    135cc35b133eb19353cdca7e2994b41a60f21bcf

  • SHA256

    100951c346e83b21b35976495980007b95bfe1d9595843a320f9b11b5708dfe7

  • SHA512

    152b1cf1bc1b03185c54180b3afa79435d0f67002f057b0b4c34674a877fee7f18902ba202e0ad721e10c2a3eeab9d91e160f55af760d8ec4c4175c2ff2089d5

  • SSDEEP

    196608:srpUYS6BU+KhCIrOshoKMuIkhVastRL5Di3uh1D7JD:/YSCpOrOshouIkPftRL54YRJD

  Score

  10^/10

  quasaroffice04executionspywarestealertrojanupx

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar payload

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1

• • Target

    ����5�d.pyc

  • Size

    1KB

  • MD5

    6f933ecdf36bd04f574acc6a57aee182

  • SHA1

    466d71fd8c43bbf8ea3cbbfc5cd9071c1c0bd65b

  • SHA256

    92380160afb54cf39affd4f0be06023a5bccc9e04a5be8e68604e10a11ca109c

  • SHA512

    9798dafd778fb90cfe08f270a6194ab0b9f7eb192b0491889f191dbe3c21c6ecbe060eb9c955659cf04a99901ebf75c634379f8113a53ba038673eaebfa988e8

  Score

  1^/10
  behavioral2