General
- Target: Spoofer V4.exe
- Size: 3.1MB
- Sample: 240722-cp839svdnd
- MD5: 0e819e3cfcb5279dc25538fa254a0cfb
- SHA1: a9480ee70ad01f7d84a93bf120004ba1f996d1e1
- SHA256: 819d2cdbc2e6246f5fb91527101128cbf8171ee04f5bea302b567ea25c6f669c
- SHA512: bfe5fe2631421036319da556b519ff03c44510ca5f4cb2b8b22fa4ae20e128c97fd1f49b2913b1226e36d2c2ad5fc4127e3f8722242bb376d828d7fb8d6e8eb6
- SSDEEP: 49152:Bv+I22SsaNYfdPBldt698dBcjHyzDic0Vfk/FLoGdZN8PTHHB72eh2NT:Bvz22SsaNYfdPBldt6+dBcjHKDVz8
Behavioral task
- Task: behavioral1
- Sample: Spoofer V4.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
- Family: quasar
- Version: 1.4.1
- Botnet: Office04
- C2: Bweezys-44502.portmap.host:34107
- Mutex: 1d720ca2-fc3a-4533-8300-74afceea3a93
- encryption_key: C0CDED8DDB03E1B037472315F6569B1352DAC01B
- install_name: System32.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: .
- subdirectory: Windows
Targets
- Target: Spoofer V4.exe (size and hashes as listed under General above)
Score: 10/10
- Quasar payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Scheduled Task/Job (1)
    - Scheduled Task (1)