General
-
Target
Loli_Niggerrr.exe
-
Size
21.4MB
-
Sample
240607-v4cbysbe3x
-
MD5
dc4dbf206e4ba17cc40c879706ebbf64
-
SHA1
adc35bfd111d600d59b6a76787d9594e89973a03
-
SHA256
8887b29a171153362b3dbb478801e087ca53ac8960cb06b44e791ecc4c4eaa4d
-
SHA512
79df05d1e0572d387c70f835432193399389042142f964b865f8f4f7de06cfeaf3e1952d45beb9ea8621e64e17658557f0f1914f7b991d98e8d9efc5365e4256
-
SSDEEP
98304:B1slPHmk2Ynhn+gX9uV2CQzS0y/3ibkabFbp1A11eFt4I/p/:gPHmkTPXgVLYs/3iFbFbp6XsB/
Behavioral task
behavioral1
Sample
Loli_Niggerrr.exe
Resource
win7-20240221-en
Malware Config
Extracted
quasar
-
encryption_key
E2FB9900B23756E2DDF30B24E44B0961BA7B0F9C
-
reconnect_delay
3000
Targets
-
-
Target
Loli_Niggerrr.exe
-
Size
21.4MB
-
MD5
dc4dbf206e4ba17cc40c879706ebbf64
-
SHA1
adc35bfd111d600d59b6a76787d9594e89973a03
-
SHA256
8887b29a171153362b3dbb478801e087ca53ac8960cb06b44e791ecc4c4eaa4d
-
SHA512
79df05d1e0572d387c70f835432193399389042142f964b865f8f4f7de06cfeaf3e1952d45beb9ea8621e64e17658557f0f1914f7b991d98e8d9efc5365e4256
-
SSDEEP
98304:B1slPHmk2Ynhn+gX9uV2CQzS0y/3ibkabFbp1A11eFt4I/p/:gPHmkTPXgVLYs/3iFbFbp6XsB/
-
Quasar payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-