General

  • Target

    65e4930b06035_VCheatsV2.9.zip

  • Size

    10.7MB

  • Sample

    240807-yt8h7awhqf

  • MD5

    3a9c874139009e63cf7877f33dfab82c

  • SHA1

    f74a9ae9fb1fc97ff63b3cba6e530ab48ba1ad7b

  • SHA256

    5a23ff9ffd139fe24b32526e517092952a97e3195910146ee79177cbce17f681

  • SHA512

    265b2a22da641c86e744c3b7bba89b044c856b1c2fc06180e97184a566fec48d0f35d35b9d96094114f3727f5c0b439ed672b1d235994b742435da10bae455c7

  • SSDEEP

    196608:RqjpnWnmjca50uNoYxJPWQ2apISnc/W/8Ij3tSNIJcOJblIrzjZmRP3XJRSDt:RqjlYaC4o2Pw2gWkIj33cMxCzjZm9LEt

Malware Config

Extracted

Family

quasar

Attributes

  • reconnect_delay

    3000

Targets

    • Target

      65e4930b06035_VCheatsV2.9.zip

    • Size

      10.7MB

    • MD5

      3a9c874139009e63cf7877f33dfab82c

    • SHA1

      f74a9ae9fb1fc97ff63b3cba6e530ab48ba1ad7b

    • SHA256

      5a23ff9ffd139fe24b32526e517092952a97e3195910146ee79177cbce17f681

    • SHA512

      265b2a22da641c86e744c3b7bba89b044c856b1c2fc06180e97184a566fec48d0f35d35b9d96094114f3727f5c0b439ed672b1d235994b742435da10bae455c7

    • SSDEEP

      196608:RqjpnWnmjca50uNoYxJPWQ2apISnc/W/8Ij3tSNIJcOJblIrzjZmRP3XJRSDt:RqjlYaC4o2Pw2gWkIj33cMxCzjZm9LEt

    • Score

      1/10

    • Target

      VCheats V2.8.bat

    • Size

      15.4MB

    • MD5

      a2728a545a1c36f6cab1ba8d907f999f

    • SHA1

      d5a3c703250ce7d4bce77545b8b58a672ce80719

    • SHA256

      805aea906bde7f654de4d457c939a2836c406f8ecd29dfe9cd57688f0fa0d96c

    • SHA512

      c736efa0a4f4b60eeff83a6c504c378192cf3061a172ee5d820380ad9646cf9d6f761d42bf0d37e161c7fd397d2e37b09ebc685e958fe2fa4b859febbce8d0a1

    • SSDEEP

      49152:eciqF22DGlCLCoVwZvXwU/l4E7elQceShuAsAdDOxtp0lM8WMjYEASLWwNZm8CKK:Q

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks BIOS information in registry

      BIOS information is often read from the registry in order to detect sandbox or virtualized environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Indicator Removal: Clear Windows Event Logs

      Clears Windows Event Logs to hide the activity of an intrusion.

    • Hide Artifacts: Hidden Window

      Windows that would normally be displayed while an application carries out an operation are hidden from the user.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15