General
Target: Uni.bat
Size: 511KB
Sample: 240530-md891aeb2s
MD5: 9fb9372aca1d8d842589419264c8ae62
SHA1: 9313414673f343c9bb14939c6c14697dcdfc1aa0
SHA256: 38defd519e3b007e7590a2dc8101f356806b1f1cdcdba3eccfa0afc46b2f8577
SHA512: 10b935a27946dd4e4ff22b42782e141d22471f90fe086c6874e783a341066f0b54be8fdcbc7c7df21d96565ed0d7b00afd91bd59ac8c37613579decb0fb84618
SSDEEP: 12288:/JXwTLWKJYuv1T5jgKND/v+Tz5Wgv2qwAbMdusp/cq:/JKj5jgKdW5WgOqwAYxh
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: Uni.bat
Resource: win7-20240221-en
Malware Config
Extracted
Family: quasar
Version: 3.1.5
Botnet: SeroXen
C2: panel-slave.gl.at.ply.gg:57059
C2: panel-slave.gl.at.ply.gg:27892
Mutex: $Sxr-rpL8EItHN3pqIQQVy2
Attributes:
encryption_key: PXEHWy52mqnqS2Hd39SK
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: SeroXen
subdirectory: SubDir
Targets
Target: Uni.bat
Size: 511KB
MD5: 9fb9372aca1d8d842589419264c8ae62
SHA1: 9313414673f343c9bb14939c6c14697dcdfc1aa0
SHA256: 38defd519e3b007e7590a2dc8101f356806b1f1cdcdba3eccfa0afc46b2f8577
SHA512: 10b935a27946dd4e4ff22b42782e141d22471f90fe086c6874e783a341066f0b54be8fdcbc7c7df21d96565ed0d7b00afd91bd59ac8c37613579decb0fb84618
SSDEEP: 12288:/JXwTLWKJYuv1T5jgKND/v+Tz5Wgv2qwAbMdusp/cq:/JKj5jgKdW5WgOqwAYxh

Signatures
Quasar payload
Blocklisted process makes network request
Executes dropped EXE
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.