General
-
Target
Uni.bat
-
Size
15.5MB
-
Sample
240626-aseygstajg
-
MD5
23c907a663bc5c30e89aa5c412b0b6a2
-
SHA1
9a23b5ac7ff316fd750a89f5838ba59554cc5d61
-
SHA256
77eea1fee29eaea3be683181b75c7ec61bd2d18cfa4e124bcf2c20cdba8d7728
-
SHA512
9c2b7c7ecff1c30759975c6fed9b07dae2d1e943237f9770d2cad5edbff77abdbfb050fc0a445f4098e5381370f8491d914a21ccfa2151cc6ae441ddbbedb9d8
-
SSDEEP
49152:Yju6olBs/O7mrdEf362SZzFdBIfHsE/LKy/n+d9gy12/KRsZgMj8idHJMW3merdt:3
Static task
static1
Behavioral task
behavioral1
Sample
Uni.bat
Resource
win10v2004-20240611-en
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Targets
Target
Uni.bat
-
Score
10/10
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Drops file in System32 directory
-