General

  • Target

    e8a5b808ec57fa33d43f8ca7cc74a7c7e00166dc9307fe1e82fc1e099f0cf5e6

  • Size

    4.8MB

  • Sample

    240819-lweyfa1aqm

  • MD5

    d5cfd09fd7161493290e9e15a2bdbe15

  • SHA1

    d9494f1c796f4b301692f0d16b54248514258fd4

  • SHA256

    e8a5b808ec57fa33d43f8ca7cc74a7c7e00166dc9307fe1e82fc1e099f0cf5e6

  • SHA512

    900aff0edc22a4f727909b54e8c6f85af9496e1957a8b9b5444c55b90dca15715e442b5958cecffa55a68f10d5e6b8cb56e220e005602569fd1cdbade3c75a02

  • SSDEEP

    98304:2kufFjyn453oxsC3gB02bIE2g32rYEc2ufqcn2:2kN4+WCL2yg3yuCZ

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Drops startup file

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15