General

  • Target

    SeroXen v3.zip

  • Size

    4.0MB

  • Sample

    240915-am723svgqb

  • MD5

    33ab605ba89f1a5188d250ec9820260b

  • SHA1

    fdf610782fe43368d478de0047a6efb52621d2de

  • SHA256

    b4765a83ef556d2f3500d047c7e96855ec7d7e16dceaf8a82611d7dbb5ad4576

  • SHA512

    2b87de6efe667fd22b54515f18ca9f92cd917afc0ddadceb2e308d2afe2dd0d9cdfa96e314f4b1b1bed9729fb804201d583456530c5f35c41e98ba9d93b34074

  • SSDEEP

    98304:J2tPJKXg/KQJwMxN22i/Dwmko60PFkinQPcZlrU4ifzF5V:JK8w/lJwMH2JZI0PFFn+c4xz7V

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    5000

Targets

    • Target

      Guna.UI2.dll

    • Size

      1.9MB

    • MD5

      83e9df5d534f50280251d662861bf476

    • SHA1

      d2ecd37e462b3c6fa763341a12f9de74326cb646

    • SHA256

      836e1cc306eab0817a10c613a9c99d4dcbd604624b8b90f551d410dc164eef82

    • SHA512

      af38cfbd5fb866662afa4548011ba2d262cd70ff145fe4118db3322a9ea243bd9d8dc9cdfc62a246df014949a94d159bcd47a8f8f04010b93c963511a7e6a72a

    • SSDEEP

      24576:+5lxrKZ9DHFoXP/Jt/A1IKKPZANZuwgHQ/jz41RMIK24:Av/CIRqwRMIK24

    • Score

      1/10
    • Target

      Mono.Cecil.dll

    • Size

      277KB

    • MD5

      8df4d6b5dc1629fcefcdc20210a88eac

    • SHA1

      16c661757ad90eb84228aa3487db11a2eac6fe64

    • SHA256

      3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e

    • SHA512

      874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174

    • SSDEEP

      6144:iYOMWAEq+PAEwGQ9Xivs0s4EtS1Fv8jnLKdFvkPo2:AG+PpjQSHv8jA

    • Score

      1/10
    • Target

      Mono.Nat.dll

    • Size

      40KB

    • MD5

      bf929442b12d4b5f9906b29834bf7db1

    • SHA1

      810a2b3c8e548d1df931538bc304cc1405f7a32b

    • SHA256

      b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0

    • SHA512

      9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828

    • SSDEEP

      768:yoVesKx0V2LpibQJxoKUDHj560aSX3zlJAO:lVespQibC+H56k3fF

    • Score

      1/10
    • Target

      Octokit.dll

    • Size

      1.3MB

    • MD5

      80feaeb7b8c493df5534c2b5c2c43bae

    • SHA1

      c73542b0a4247442c2aa979b7d4e7210ed87e03a

    • SHA256

      41508af363730c9df614bfe3e498cf5dc4565ec54907f7fb26bd86194e5ff3de

    • SHA512

      7e627e64e2273d6f0c054decd3e9cd6845d191f56e1ce29591a011e59b815805a26eba36c7746893567058fe21bde887a37c1aa89bcbae749ff00eec66d6a69b

    • SSDEEP

      24576:7PhshAfmAoEpwQQWhZ62KLp+CkAdjG3sMs2Cd5o775AxUzNZsPbKAayFHV+Sg:NrHCkAdjG3sMs2Cd5o775AxUzN8JayFr

    • Score

      1/10
    • Target

      SeroXen.exe

    • Size

      3.8MB

    • MD5

      e9308e5ef39ef2c9b8e4b72c23abc690

    • SHA1

      758bf805f750c02b89c1ab58009c89bd301ea98f

    • SHA256

      3097c065663067e0c648f7b78c85119947b636293f7fdddeeaf51a1be9d704af

    • SHA512

      6995e1d4b3c16e45ebc48e4a33e69d63eb9cc5c50ebd7829ac752a4558b378246cbbf173f275dea32906644b55b0906e212bfc552051611d40e604fe031d32b3

    • SSDEEP

      49152:eaMvzr6rnr4r0r0r0rLrBrnrmrdr7rQrMBpr0r0r0r0r0r0r0r0r0r0r0rZBrL/:qB

    • Score

      1/10
    • Target

      Siticone.Desktop.UI.dll

    • Size

      4.0MB

    • MD5

      1582aa45d981e0e569c6e05698642b30

    • SHA1

      763506f312a186c55a04ef6a16ad7e867c394097

    • SHA256

      21eecaf504b7fe787a45f4aa8f8f36dacfc3ab1d75624dfb41827cdef2a9a589

    • SHA512

      278a7a4e2b9d82528200b9f92244db3f228187d15c36fd169deb927e343bc4d0bb29c9dba496f86558aea4f4deb44d1e47a41d5598c0b375d99ad9fbe99cec34

    • SSDEEP

      24576:UCCxPAT4L7h3M7O2MLBSlvTh/aOBteUePU/DU/GHQYazK/DkWoql3zjbndHQ/jzb:WuO2MIThZNwewYDoyG

    • Score

      1/10
    • Target

      Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      64e9cb25aeefeeba3bb579fb1a5559bc

    • SHA1

      e719f80fcbd952609475f3d4a42aa578b2034624

    • SHA256

      34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993

    • SHA512

      b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c

    • SSDEEP

      1536:5Z0R489PUoltCY19T7Uf5DYoRvtkA2MNmjYgGKeK9jXGYWs:L0R489PUeCy7Uf5pVCMwjVG/K9jp

    • Score

      1/10
    • Target

      client.bin

    • Size

      292KB

    • MD5

      c5cb7f04d3461efa49da4ba79b0295f3

    • SHA1

      82441798da42d6b8138ba2e0488aa981886c5248

    • SHA256

      b158f718405a2df94ad3aac1b4d695ed2e990d90d4537fc621c8a31d19a6052b

    • SHA512

      91c7376c047a2d8e8da1069f708cb8b45b9624993a6a4cb80e28b91ab1180df965c49bc180915a9facd8c45f7170cb674f158c6bba66fbe247bb68572ecea5a8

    • SSDEEP

      6144:BTjJFBhD3ackfL0a576r3dwO4LAkbDFfrAaYoutpz:BhJ6wr3d34MaYzV

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15