General
-
Target
95991984767349d93e902eba0487e74688ea5678a92d75a8b50a0852bd215b28
-
Size
43.0MB
-
Sample
240730-lfwk9awbjj
-
MD5
bf0186af3227da62aeb3db92c1e5182d
-
SHA1
3ca8b3b9e80bf08fffd1e9ccece85b4467af2889
-
SHA256
95991984767349d93e902eba0487e74688ea5678a92d75a8b50a0852bd215b28
-
SHA512
7592395ad64bc9e8ff2eea9127d99a3eeb8bb408d62ab105670ee5f5473bd9fa4027268bc0fc55a9920dd702e6692777851d42d6d807a6d85cbc59a34a295eb1
-
SSDEEP
786432:7Zz9QTeRXpXlJRRct8dl+ugoX0e+yPwGZGU30LTbQTeRXpXlJRRct8dlSFOiHW:7J9QqRZXXcol+3k0wpZtk/bQqRZXXcoH
Behavioral task
behavioral1
Sample
Hit Sender/AxInterop.MSTSCLib.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Hit Sender/AxInterop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Hit Sender/Interop.MSTSCLib.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Hit Sender/Interop.MSTSCLib.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Hit Sender/NLBrute Hit Sender-Checker.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Hit Sender/NLBrute Hit Sender-Checker.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
Hit Sender/RestSharp.dll
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
Hit Sender/RestSharp.dll
Resource
win10v2004-20240729-en
Behavioral task
behavioral9
Sample
Hit Sender/SkinSoft.VisualStyler.dll
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
Hit Sender/SkinSoft.VisualStyler.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
KPort Scaner/KPortScan V3.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
KPort Scaner/KPortScan V3.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral15
Sample
KPort Scaner/QtCore4.dll
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
KPort Scaner/QtCore4.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral17
Sample
KPort Scaner/QtGui4.dll
Resource
win7-20240705-en
Behavioral task
behavioral18
Sample
KPort Scaner/QtGui4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
KPort Scaner/QtNetwork4.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
KPort Scaner/QtNetwork4.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
MassScan/Massscan_GUI.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
MassScan/Massscan_GUI.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
MassScan/Packet.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
MassScan/Packet.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
MassScan/masscan.exe
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
MassScan/masscan.exe
Resource
win10v2004-20240729-en
Behavioral task
behavioral27
Sample
MassScan/msvcr100.dll
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
MassScan/msvcr100.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
MassScan/winpcap-4.3.exe
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
MassScan/winpcap-4.3.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240705-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
quasar
1.4.0
Office04
128.199.64.220:4782
a6aa1ddd-3810-492e-8728-facd9d5ede65
-
encryption_key
CB9F9A0F270F5BD4211B4E21054ED956F7A81814
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
Hit Sender/AxInterop.MSTSCLib.dll
-
Size
360KB
-
MD5
0c7d8ecb8fb4b88fd42de85e30944826
-
SHA1
b8ca7c11063d58008f8b19cf93ebaab8245e616d
-
SHA256
0c1a7276c53d85feae0996fb2f4524e2aeffa78c96304bf25e70c68f123e5e94
-
SHA512
2d3078a0b583d9d4e5ebeaab4e3baa11e61f4988ff96bfa27152ea30d1e6374e704429f63f30ab6bfe72381830f5fd17e605f327ad9d2616d75ce0f336dc73e3
-
SSDEEP
3072:LZEKEcvukPhjyUG2p8wV0z6gWAkapSyS6hH+GC1Z5U8I:qwhjvGU0WgWAkaW6hH+GC1ZF
Score
1/10
-
-
Target
Hit Sender/Interop.MSTSCLib.dll
-
Size
738KB
-
MD5
a2a32a9b5cf3a554c351073821f9e366
-
SHA1
3208bc1a1d4f526fd0abfad1ef7c3185f7d7b1d9
-
SHA256
f4d5ad2f9053a39f652831baa915e90645e6198b56817969e2cd45f6223c3a0c
-
SHA512
057373efd77d0744d60ab4ebe3bd6133e3edbc1e25137279398f84c254b1a400406954512f4252432daf6f4a8879611b05a694b23b643230b8f35578677f96be
-
SSDEEP
12288:iuF8zCZQHmtk76B4veVsjyJgXW9UrqxINQzitUn2BYL6l8szncUicKs8geyRli+p:iuF8zCZQHmtk76B4veVsjyJgXW9Urqxq
Score
1/10
-
-
Target
Hit Sender/NLBrute Hit Sender-Checker.exe
-
Size
1.8MB
-
MD5
663627e9e7d0f30d41dc754cec70c2a9
-
SHA1
4f6562ee4c4a209e8ccdd894d5955909afc3498e
-
SHA256
59c8595468186da0d323b5a5fc0304b04412fe11bea16c11bdce5315502a8716
-
SHA512
b3184e56e9d9a9ae0bef34912c9e927e0dfdd100b7e36862e2a1f98af56bccb58fa23783cd9f42cbb663e70ba26835a24a27cca5e077b2d5e0a46ff1b8f412c3
-
SSDEEP
24576:0Yh9sKCs4uvW4jfb2K90oo+C8JwUZc0PY0yNuVC9Hbv50eFGPlfFZDO+:p/C7uRfbQswUZcSByYGv5ujZ7
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
Hit Sender/RestSharp.dll
-
Size
186KB
-
MD5
ebb404b296276a65d85a13ce889a64ab
-
SHA1
2fe54894589988a7c3b0c752f4de9d84b3f21312
-
SHA256
37bf2a8815e1833153ff92d0bec3a1405f5c5f146884d0563a96bacd1b0074f9
-
SHA512
c0ba618cc6aa3987930598bf9557f6e2aa6657f72febdc034b07ac25c2682debeccac4940a27a8612c1b84c70e350e78d19e8928cac613cadc48e4fefada9f71
-
SSDEEP
3072:32SM9KBmXowyrg7h2Bk3uIRUgpOYx+fsh6ow4iDvmRBktpWaLJ1qbC:WbXDyG2GeyUglf6ow4iDoZ
Score
1/10
-
-
Target
Hit Sender/SkinSoft.VisualStyler.dll
-
Size
1.0MB
-
MD5
69e6563e0e7ea843e9b37d58819f4136
-
SHA1
4aebf9955ba0d0b5205b6b013da634aa0281a25d
-
SHA256
f9fa9f508b9350ed12ed3aa5b7f24aed901a6434b1b02d1f0ee301b8eea54b06
-
SHA512
c883bcb3f6f2ac3f2fe88eed1356178ff2b43bdeed2188aa06f35cbc9dda8745a3a5c2d28d99daae5b6ea9af46abcae45b7bd4da13f318ba31062a8e8b79a942
-
SSDEEP
12288:OSVkAXRzNIYqsdMExMDj/iREVGx2G4dZJ25jad4NJQe5rkAf/e5rkp3gN372sx00:ZRz+YqsdMExMDj/iRHx2dJ7Wsx0
Score
1/10
-
-
Target
IP Scanner (Thay thế cho MassScan chạy trên Guest hoặc không có quyền Administrator)/IP Scanner.exe
-
Size
12.3MB
-
MD5
57bf838c7b78b1d6382492047c5e58e7
-
SHA1
e9f399ec58e2435305193cd3685c99f87622cd42
-
SHA256
1ab440ef04f4b1396b6b6d6959887867f1b0f2b3c639b74920d3e7ad6fc64933
-
SHA512
4e3304333604dce2c7f2ae446102764fba815f97cc3264878a66b451a781fe7c44d1821089aa155be141e86c8f626da24cd5f19bc6b1ce6aadc35c3f215adc70
-
SSDEEP
196608:O1iODtjizE9onJ5hrZELte9tGPqKM48RmU/3ZlsPv2SEDTb5zTvN8CfZjAPaBk:bOD/9c5hlELdPNMtN3ZWjc3xTLjAS
Score
7/10
-
Loads dropped DLL
-
-
-
Target
KPort Scaner/KPortScan V3.exe
-
Size
232KB
-
MD5
9e474178aff71d68f7b72fb186d6d763
-
SHA1
5eb3a66848515aed1cd9bb235dcb452e7470e5a2
-
SHA256
16c1e3fea0b086044036f402b5e00af9efd689417fe98fed51884539a4ad44bd
-
SHA512
ae41194fa85b4c5bb63f21e3218e62aa482d09b9fe3b4a3ea449c76d5d140abd232519abb563c70df3191d4be18b820af91c33842e1ed3459687fc2edb1593f2
-
SSDEEP
6144:k997OTkNPTqLIOt6r+9dEPlUIbrMOFTfM0OZhErjie0KK3m+nak:FTkNLlE3m+n
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
-
-
Target
KPort Scaner/QtCore4.dll
-
Size
2.4MB
-
MD5
438717377b9df0f53f283c9e4aa722cc
-
SHA1
c413917dfcb816799613c6f86b55952c887ff711
-
SHA256
a679cf46e128d028de22fb9ed8432e5107e53f8e7e6fb7f5e169b3eeab8f000a
-
SHA512
03c10588ec47bce9b6c40fedffcaa775b84bb691450789000c17e7df02554036ee336d382524b35bfa67dbc4ae4b95d3d1807d61f46016427856f60850383f3f
-
SSDEEP
49152:vfGCzRdEZK8hyX2ntJsv6tWKFdu9CeTxLyvL/6mShMZtmjNUVrciV5P+7QVg07Tl:vf8KF2tJsv6tWKFdu9CIK
Score
3/10
-
-
Target
KPort Scaner/QtGui4.dll
-
Size
8.0MB
-
MD5
37957facc9afbdfbd119c8372c9cf0e3
-
SHA1
1f5584ae75e947ffcbe00dc17bc423bf3f906ad0
-
SHA256
bf52fec00b4f640d07bea3850096cc77983fca518bbec8122997b7ca561205f1
-
SHA512
24ef6418f904b646d31912e0f350a0eb10147015bbd4b3710aba62c5a1da5d001600d9a381beb8d871d30cc0b07cf2fdb034f81f60810d8c14899cacdf68ad4d
-
SSDEEP
98304:ixT4yTZMEMrIJCZxMvwQoVgN1617/PO1IQlS4Xsmw2zZQvkfsnXWP:ixbZxDJ9vv7617VQlSesn
Score
3/10
-
-
Target
KPort Scaner/QtNetwork4.dll
-
Size
982KB
-
MD5
5c6afae60414546cef0a9b759da93912
-
SHA1
928aba35960a17b9ee3a3e2f2f890b8aa6842e6b
-
SHA256
99757ec661fd7de3b22fb641f25cf1565aae13daf8d31c6686c6c7cbd2be6fc9
-
SHA512
bbd7aae541c5677317f68472c4be008164909f6395c43e554c4b070fb398ec680f496505644de0a706f831bc850e770c60c699d5aa0d5a7e0e19c5fc48e5c727
-
SSDEEP
12288:BQ4LHoNwBkUx/0RpieLY+EZ8R2/hGT/YOt2ck/qTpQ39NM7LMi7nR4djiz0R6H2j:zr/k60RpizZ83/T6CTeNuMwR4djip8L
Score
3/10
-
-
Target
MassScan/Massscan_GUI.exe
-
Size
334KB
-
MD5
7a6990bf78f3e2e835d3be85a2fea4ba
-
SHA1
9e2760e0c13d56cb744262b4fdef67e17ee08571
-
SHA256
37ff328175acd45ef27d3d339c3127a7612ad713fccd9c9aae01656dfbf13056
-
SHA512
ba2b8cd80613bff44c1624d6a17bae797b81fb53979f6a901850dac5e824483513cd312ff8a5aaa9d5eb3cf5c825785a7a53965692d2fb6274d22b6e62f9735c
-
SSDEEP
3072:eaxe0aX5Cw9Q56z456zB56zuIXk89V756zM:nanPj8X
Score
3/10
-
-
Target
MassScan/Packet.dll
-
Size
94KB
-
MD5
1250bef11bfa086f772cd2a273bc036e
-
SHA1
bfb60b4072f4533d8497f3d90631f818e345bcc6
-
SHA256
6b19cffaa2bf4359be1a0130a1fb47ab45e8c3be5d0cb7986579c5e04e1d77a5
-
SHA512
76cbc346468d400c4e6a95b3c91abfec0a63a375aade6f47c70a3b3db76c513bcfd91ed2994059a6c8bdd6b266f9b17ecf11f9941481c7a2692925d2457f5bba
-
SSDEEP
1536:6wG9plhvRIRVC2wJAyPFCnPKc0z70yIKtIn8zVpWj:E9rjh5t9cZyIKtInb
Score
3/10
-
-
Target
MassScan/masscan.exe
-
Size
232KB
-
MD5
c50f3b0b23dfe5c66561bb9297bf7bbc
-
SHA1
5f14241aea174608a7c85127fdad042d7382277d
-
SHA256
de903a297afc249bb7d68fef6c885a4c945d740a487fe3e9144a8499a7094131
-
SHA512
33c557c53b4f65cde67bc0f6a7952822d194e0da262aa7d44c1d527ed300043ad1c06002cd42e69ad98ad2c7b62aa98d66ac0aa211ddfa97dde3e737da3f768f
-
SSDEEP
6144:9WQaNTimmz/EkPt1xeHP9mCeswbjnK6swOp9cL:vMTuz/Ek1eHP9KPf698
Score
3/10
-
-
Target
MassScan/msvcr100.dll
-
Size
755KB
-
MD5
0e37fbfa79d349d672456923ec5fbbe3
-
SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
-
SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
-
SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
-
SSDEEP
12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score
3/10
-
-
Target
MassScan/winpcap-4.3.exe
-
Size
423KB
-
MD5
ae26452c8b3d97ef2037521ac0dd3a8b
-
SHA1
3ad99ec2bf6cc4f947bb09be627c91f82a898aa8
-
SHA256
f28156a96be558dfb83a3d935223a127816ad124b94f92c499400c38078ad842
-
SHA512
f5012a9600542b46eca137f41d58d6a6d3071aa36ca2b4c0f0119639cdf051c0a0e597c674583c4ec5753f8368ca121282acbf084930d2b1f30671f2032448d9
-
SSDEEP
6144:MsNaGdmkMIdQQkpxYLcP+k471Xr4bjMxiW+D/xqfF3o2KCzDunki8m/VlidXTj2G:AG4kDdc8L4bQA5qt3CxnkLwlQFPcOLJ
Score
7/10
-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/InstallOptions.dll
-
Size
14KB
-
MD5
79327201915b7cf3ba0c5d1a143aa925
-
SHA1
185b6f5520b1c39d3e7d9d91ed099698fac46d92
-
SHA256
1edf8dc7b6ef67e7cf68f6b07f38be5b336b5e6b2d1d5500cdb3e121b8381394
-
SHA512
c51086b7e039c83abb727a33b7f1ccac4fa999373b0423ac4b253e87195a5515d29e98ea2ed64f30406a14db4bf94422d34e6c9db8fc80be5c4e3fc77fd0207e
-
SSDEEP
192:QGs+dH4+oQOTgDbzuNfrigyULWsXXZF/01JJijYK72dwF7dBEnbok:QGvdH4qMebzPY2VijY+BEnbo
Score
3/10