General
Target: builder.bat
Size: 14.9MB
Sample: 240817-k5fqna1djr
MD5: 70a53c5ec35eefae927a0c413a89937a
SHA1: 1bc9a22903968bfc05b87c1082a5c4242802d4dd
SHA256: a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d
SHA512: c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae
SSDEEP: 49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: builder.bat, Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: builder.bat, Resource: win10v2004-20240802-en)
Malware Config
Extracted family: quasar
reconnect_delay: 3000
Targets
Target: builder.bat
Size: 14.9MB
MD5: 70a53c5ec35eefae927a0c413a89937a
SHA1: 1bc9a22903968bfc05b87c1082a5c4242802d4dd
SHA256: a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d
SHA512: c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae
SSDEEP: 49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S
Score: 10/10

Signatures
Quasar payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself
Executes dropped EXE
Indicator Removal: Clear Windows Event Logs. Clears Windows Event Logs to hide the activity of an intrusion.
Hide Artifacts: Hidden Window. Windows that would typically be displayed when an application carries out an operation can be hidden.
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts: 2
  Hidden Files and Directories: 1
  Hidden Window: 1
Indicator Removal: 1
  Clear Windows Event Logs: 1