Overview

overview

10

Static

static

10

Apex-ghost...ks.zip

windows7-x64

10

Apex-ghost...ks.zip

windows10-2004-x64

10

Apex-ghost...ks.zip

windows11-21h2-x64

10

Resubmissions

18-06-2024 23:36

240618-3l3eesyhkb 10

18-06-2024 23:34

240618-3kmbtatcml 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Apex-ghostware-apex-hacks.zip

  • Size

    1.2MB

  • Sample

    240618-3l3eesyhkb

  • MD5

    69502b41497a8b16bcf388228b75adb8

  • SHA1

    d9953fe774ddb6a31a5cf6e744a8988ce029db50

  • SHA256

    d301b1fa43c202b4bcb45eb25aa8664d2d8f99fa2be9c410cdbbf2b6b8e8bdba

  • SHA512

    c74dc0ce190ce7aa566aea95984cf7043d9140839d948f9b15073f63d30298b08363efe1d85504dd6a990bf9af7a2df61c4a898f2bfeee0937a1161e8bfed06a

  • SSDEEP

    24576:EcZxtAClBDc2rkW7ERjs37nl08X6JA6efqDnj4KDK7KCKx2vkl9TD3T9R:EcZEYlQnjs7l0jJA6efqDnj7L9ov+9xR

Score
10/10
quasarapexv1spywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

ApexV1

C2

174.175.46.53:1048

Mutex

c8ba5d8f-6f83-4ae3-ae6c-d1a644d2c509

Attributes
  • encryption_key

    B0ABE169C55CFD4C2E8310DB36202EAF0E98D48D

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    1500

  • startup_key

    Windows Updater Service

  • subdirectory

    SubDir

Targets

    • Target

      Apex-ghostware-apex-hacks.zip

    • Size

      1.2MB

    • MD5

      69502b41497a8b16bcf388228b75adb8

    • SHA1

      d9953fe774ddb6a31a5cf6e744a8988ce029db50

    • SHA256

      d301b1fa43c202b4bcb45eb25aa8664d2d8f99fa2be9c410cdbbf2b6b8e8bdba

    • SHA512

      c74dc0ce190ce7aa566aea95984cf7043d9140839d948f9b15073f63d30298b08363efe1d85504dd6a990bf9af7a2df61c4a898f2bfeee0937a1161e8bfed06a

    • SSDEEP

      24576:EcZxtAClBDc2rkW7ERjs37nl08X6JA6efqDnj4KDK7KCKx2vkl9TD3T9R:EcZEYlQnjs7l0jJA6efqDnj7L9ov+9xR

    Score
    10/10
    quasarapexv1spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1
T1018

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks