Overview

overview

10

Static

static

10

Loli.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loli.exe

  • Size

    5.4MB

  • Sample

    240607-25vy1sdh3v

  • MD5

    d65286844163ff91b3cc8dd54c92b729

  • SHA1

    85e5f37f0d092252b2c44225da2e6d888d4fde0a

  • SHA256

    6af13fedc6065c776cd888e5bdb32c2bb31a423af7621b387676b45f014e3a90

  • SHA512

    7d096028a596a04acb2ae8b837fc81197841af33fe547039978f99809dbb854fdd9f83c0c7bde2a60f3044127871ab9dcd0f621ba3c0d87f44662bbcd5d96793

  • SSDEEP

    49152:zE/yEPsBimcZhhbGKnIXDpZEV/+hH45ZRPJgBB6aCHHB72eh2Nw+N7:zELEBimcn2X9uV2iZV

Score
10/10
quasaragilenetspywaretrojan

Malware Config

Extracted

Family

quasar

Attributes
  • encryption_key

    E2FB9900B23756E2DDF30B24E44B0961BA7B0F9C

  • reconnect_delay

    3000

Targets

    • Target

      Loli.exe

    • Size

      5.4MB

    • MD5

      d65286844163ff91b3cc8dd54c92b729

    • SHA1

      85e5f37f0d092252b2c44225da2e6d888d4fde0a

    • SHA256

      6af13fedc6065c776cd888e5bdb32c2bb31a423af7621b387676b45f014e3a90

    • SHA512

      7d096028a596a04acb2ae8b837fc81197841af33fe547039978f99809dbb854fdd9f83c0c7bde2a60f3044127871ab9dcd0f621ba3c0d87f44662bbcd5d96793

    • SSDEEP

      49152:zE/yEPsBimcZhhbGKnIXDpZEV/+hH45ZRPJgBB6aCHHB72eh2Nw+N7:zELEBimcn2X9uV2iZV

    Score
    10/10
    quasaragilenetspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks