General

Target: Aurora.Crypter.bat
Size: 15.5MB
Sample: 240819-zwppjazcmj
MD5: 83651c557776cf794556dff0b374c1d7
SHA1: 34931e55ff8bfa85a721086910624e72f9a957fb
SHA256: f83073b5c7d316632b77808423a07425fc4a9314526ebc55174cee134be2cbf0
SHA512: ccba336b8abfa555b5f9c8a49ccce18ac072e86ee010f5c6618c9692a07d4f81444bcfe363b9ae13102e0d1c6e7ee9dc9af0e86ee20aab6ed5ca61ad8bf3ac9d
SSDEEP: 49152:ddCxJ8qpgn1Bcsk0dWCUmQuR0CciSk13blWnft0nnrxvYKyyVjqo8Gf7T1/+f83b:R (as listed; the second block of the hash appears truncated)
Tasks

Static task: static1
Behavioral task: behavioral1 (sample Aurora.Crypter.bat, resource win7-20240729-en)
Behavioral task: behavioral2 (sample Aurora.Crypter.bat, resource win10v2004-20240802-en)
Malware Config

Extracted: quasar (Quasar RAT)
reconnect_delay: 1000 (the only configuration field the extractor recovered; no C2 host, port or mutex is listed)
Targets

Target: Aurora.Crypter.bat (size and hashes as in General above)
Score: 10/10

Signatures

- Quasar payload
- Checks computer location settings (T1614, System Location Discovery): looks up the country code configured in the registry, likely a geofence.
- Deletes itself (T1070.004, Indicator Removal: File Deletion)
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot (T1562.009)
- Indicator Removal: Clear Windows Event Logs (T1070.001): clears Windows event logs to hide the activity of an intrusion.
- Hide Artifacts: Hidden Window (T1564.003): windows that would normally be displayed when an application carries out an operation are hidden.
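Detection logic for the behaviours flagged above, as an added example that is not part of the sandbox report and not Quasar's own code. It runs simple rules over constructed Sysmon-style events (EventID 1 ProcessCreate, EventID 11 FileCreate) and Windows Security/System log records (1102 and 104, log cleared); the event content, paths and the registry key assumed for the geofence check (HKCU\Control Panel\International\Geo) are assumptions for illustration, not data from the analysis.

```python
"""Detection rules for the sandbox signatures above, run over constructed
sample events (not log lines from the report)."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample events.  Field names follow Sysmon (EventID 1 =
# ProcessCreate, EventID 11 = FileCreate) and the Windows Security/System
# logs (1102 / 104 = audit/System log cleared).  All paths are invented.
SAMPLE_EVENTS = [
    {"log": "sysmon", "id": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\u\Downloads\Aurora.Crypter.bat"'},
    {"log": "sysmon", "id": 11, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"log": "sysmon", "id": 1, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"log": "sysmon", "id": 1, "Image": r"C:\Windows\System32\reg.exe",
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "CommandLine": r'reg query "HKCU\Control Panel\International\Geo" /v Nation'},
    {"log": "sysmon", "id": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "CommandLine": "bcdedit /set {default} safeboot minimal"},
    {"log": "sysmon", "id": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "CommandLine": "powershell.exe -WindowStyle Hidden -Command Clear-EventLog -LogName Security"},
    {"log": "security", "id": 1102, "Message": "The audit log was cleared."},
    {"log": "sysmon", "id": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "ParentCommandLine": r'cmd.exe /c "C:\Users\u\Downloads\Aurora.Crypter.bat"',
     "CommandLine": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\u\Downloads\Aurora.Crypter.bat"'},
    {"log": "sysmon", "id": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]

# One heuristic per sandbox signature.  The registry key matched by GEO_RE is
# an assumption about what "checks computer location settings" looks for.
SAFEBOOT_RE = re.compile(r"\bbcdedit\b.*\bsafeboot\b|\bbootcfg\b.*/safeboot", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I)
LOGCLEAR_RE = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|\bClear-EventLog\b", re.I)
GEO_RE = re.compile(r"Control Panel\\International\\Geo", re.I)
DEL_RE = re.compile(r"\b(?:del|erase)\b\s+\"?([^\"&]+?)\"?\s*(?:&|$)", re.I)
LOG_CLEARED = {("security", 1102), ("system", 104)}


def detect(events: List[dict]) -> Dict[str, List[int]]:
    """Return {signature name: [indices of the events that matched]}."""
    hits = defaultdict(list)
    dropped = set()  # files written by earlier FileCreate events, lower-cased
    for i, ev in enumerate(events):
        log, eid = ev.get("log"), ev.get("id")
        if (log, eid) in LOG_CLEARED:
            hits["Indicator Removal: Clear Windows Event Logs"].append(i)
            continue
        if log != "sysmon":
            continue
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
            continue
        if eid != 1:
            continue
        image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
        if image.lower() in dropped:            # file was created, then run
            hits["Executes dropped EXE"].append(i)
        if GEO_RE.search(cmd):
            hits["Checks computer location settings"].append(i)
        if SAFEBOOT_RE.search(cmd):
            hits["Impair Defenses: Safe Mode Boot"].append(i)
        if HIDDEN_RE.search(cmd):
            hits["Hide Artifacts: Hidden Window"].append(i)
        if LOGCLEAR_RE.search(cmd):
            hits["Indicator Removal: Clear Windows Event Logs"].append(i)
        m = DEL_RE.search(cmd)
        if m:
            target = m.group(1).strip().lower()
            # Self-deletion: the deleted path is the script/binary that started
            # this process (in the parent's command line) or the image itself.
            if target in ev.get("ParentCommandLine", "").lower() or target == image.lower():
                hits["Deletes itself"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for name, idx in detect(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The "Executes dropped EXE" rule is the only stateful one: it correlates a FileCreate with a later ProcessCreate of the same path, which is what distinguishes a dropper chain from an ordinary installer run. The command-line rules are deliberately narrow; in production they would be backed by 4688/Sysmon 1 command-line logging being enabled, and the 1102/104 records are the only reliable evidence of log clearing once the logs themselves are gone.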