General
- Target: yolo.exe
- Size: 5.7MB
- Sample: 240802-xvscxs1erc
- MD5: 275231b1dc6cd9a37e767687257e655d
- SHA1: 433ce42bf76994b259cf95acd70ddd9a91421ce7
- SHA256: 3b3fd08f825e24a763ed8abd79dcec933dfd2e3e104f21e5a2bb4a7aa3d3c244
- SHA512: 5c5837ae8cd4db50d42434071ff4b01d62c276a0f350481ee2ead1f2bfc560bd1edf9cebc37a57a2cd160c65909242473b4c3d2c6cd1b99159cd8b1b2825dbb8
- SSDEEP: 98304:WXzhW148Pd+Tf1mpcOldJQ3/Vxvk22SsaNYfdPBldt6+dBcjHnj5X9F:WFK4s0TfLOdo/rJ7jVX9F
Behavioral task: behavioral1
- Sample: yolo.exe
- Resource: win7-20240708-en
Malware Config
Extracted: quasar
- 1.4.1
- Office04
- 192.168.0.174:4782
- 1ddaef8c-bff6-41cf-ab7c-88ced4b0af76
- encryption_key: D5F1E515D26F03AD6621A5237F6E935EF48F2FD8
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets
- Target: yolo.exe (5.7MB; hashes as listed under General)
- Modifies visibility of hidden/system files in Explorer
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Defense Evasion
- Hide Artifacts (1): Hidden Files and Directories (1)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (1)