General
Target: https://raw.githubusercontent.com/insomniastealer/vapev4-crack/main/VapeV4-cracked.bat
Sample: 240603-w7pbcsga49
Score: 10/10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://raw.githubusercontent.com/insomniastealer/vapev4-crack/main/VapeV4-cracked.bat
Resource: win10v2004-20240426-en (windows10-2004-x64)
19 signatures, 150 seconds
Malware Config
Extracted
Family: quasar
Version: 1.0.0.0
Botnet: v15.6.7 | GotTermed
C2: elated-grass-07331.pktriot.net:22233
Mutex: 3c4f9f0f-6b9b-4427-95ce-8191fe249b5a
Attributes
- encryption_key: 2625A64B59BF89EF5DAC76FF4DD28779A4574274
- install_name: .exe
- log_directory: $sxr-Logs
- reconnect_delay: 3000
- startup_key: $sxr-seroxen
Targets
Target: https://raw.githubusercontent.com/insomniastealer/vapev4-crack/main/VapeV4-cracked.bat
Score: 10/10
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext