General

  • Target

    main.zip

  • Size

    20.1MB

  • MD5

    32672d2c0e42c11b9c05fb52dbceb4cf

  • SHA1

    bef3243b7db34785dcb9d456be25fc0ed02f3932

  • SHA256

    babf47d8493a17a590dfe66ba74f204a24c9e2ff878a52deabe3082766d72a79

  • SHA512

    f996a26f0c6efe58fe94ad63893603d6102326fd0d4f5e304869ca776312831694ecb217ceed2a791119c0101634d2f9a563d7b15658eb0818f105a71c4d268b

  • SSDEEP

    393216:P2lQQT08IesheJJkSMtSEu6dfOIdCbr2uDoqYnOuI:Pcgb9UJJ2tSMf83XYns

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.0.0

  • Botnet

    Office

  • C2

    82.117.243.110:5173

  • Mutex

    edH11NGQWIdCwvLx00

  • Attributes

    • encryption_key

      aGPuRaDerdUDJPrAfXtB

    • install_name

      csrss.exe

    • log_directory

      Logs

    • reconnect_delay

      3000

    • startup_key

      Framework

    • subdirectory

      SubDir

Extracted

  • Family

    vidar

  • C2

    https://t.me/asg7rd

    https://steamcommunity.com/profiles/76561199794498376

  • Attributes

    • user_agent

      Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Async RAT payload 1 IoCs
  • Asyncrat family
  • DCRat payload 5 IoCs
  • Dcrat family
  • Detect Vidar Stealer 1 IoCs
  • Quasar family
  • Quasar payload 2 IoCs
  • StormKitty payload 1 IoCs
  • Stormkitty family
  • VenomRAT 1 IoCs

    Detects VenomRAT.

  • Venomrat family
  • Vidar family
  • Unsigned PE 47 IoCs

    Checks for missing Authenticode signature.

Files

  • main.zip
    .zip
  • start-main/Installer.zip
    .zip
  • Installer/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/CapCut.exe
    .exe windows:6 windows x64 arch:x64
    MD5 82e9f830e8c4dfa28b9827c55b0c7c9e
  • Installer/Tools/Accord.3.8.0/.signature.p7s
  • Installer/Tools/Accord.3.8.0/Accord.3.8.0.nupkg
    .nupkg
  • Installer/Tools/Accord.3.8.0/build/Accord.dll.config
  • Installer/Tools/Accord.3.8.0/build/Accord.targets
  • Installer/Tools/Accord.3.8.0/lib/net35-unity full v3.5/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net35-unity full v3.5/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net35-unity micro v3.5/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net35-unity micro v3.5/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net35-unity subset v3.5/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net35-unity subset v3.5/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net35-unity web v3.5/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net35-unity web v3.5/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net35/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net35/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net40/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net40/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net45/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net45/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net46/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net46/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/net462/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/net462/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/netstandard1.4/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/netstandard1.4/Accord.xml
    .xml
  • Installer/Tools/Accord.3.8.0/lib/netstandard2.0/Accord.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.3.8.0/lib/netstandard2.0/Accord.xml
    .xml
  • Installer/Tools/Accord.Video.3.8.0/.signature.p7s
  • Installer/Tools/Accord.Video.3.8.0/Accord.Video.3.8.0.nupkg
    .nupkg
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity full v3.5/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity full v3.5/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity micro v3.5/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity micro v3.5/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity subset v3.5/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity subset v3.5/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity web v3.5/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net35-unity web v3.5/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net35/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net35/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net40/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net40/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net45/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net45/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net46/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net46/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/net462/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/net462/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/Tools/Accord.Video.3.8.0/lib/netstandard2.0/Accord.Video.dll
    .dll windows:4 windows x86 arch:x86
    MD5 dae02f32a21e03ce65412f6e56942daa
  • Installer/Tools/Accord.Video.3.8.0/lib/netstandard2.0/Accord.Video.xml
    .vbs .xml polyglot
  • Installer/avdevice-57.dll
    .dll windows:4 windows x86 arch:x86
    MD5 147a6b2b5756db95c56dfa522fad646b
  • Installer/avformat-57.dll
    .dll windows:4 windows x86 arch:x86
    MD5 a44302e9f0e0e01b16f217b48362a78e
  • start-main/Session.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/Sushi.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/fgthawd.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/gawdrgasd.exe
    .exe windows:6 windows x64 arch:x64
    MD5 82e9f830e8c4dfa28b9827c55b0c7c9e
  • start-main/hbfgjhhesfd.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/hdawuithjawe.exe
    .exe windows:6 windows x86 arch:x86
  • start-main/hnfsefawd.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/jerniuiopu.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/jthusjefth.exe
    .exe windows:6 windows x86 arch:x86
  • start-main/jythjadthawed.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/khseofk.exe
    .exe windows:6 windows x86 arch:x86
  • start-main/khtoawdltrha.exe
    .exe windows:6 windows x86 arch:x86
  • start-main/ksfawtyha.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/ktyhpldea.exe
    .exe windows:6 windows x86 arch:x86
  • start-main/lhoefskghas.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/ltpohpadw.exe
    .exe windows:6 windows x64 arch:x64
    MD5 3d303175fced9345f14b8a51817a6c63
  • start-main/mhbiwejrtgha.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/njrtdhadawt.exe
    .exe windows:5 windows x86 arch:x86
    MD5 dae99f55715d10799c7a5f3e0cd9d13d
  • start-main/odrsfgawd.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/opthjdkawrtgh.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/pdf.exe
    .exe windows:5 windows x86 arch:x86
    MD5 be41bf7b8cc010b614bd36bbca606973
  • $TEMP/Desk
  • $TEMP/Easter
  • $TEMP/Misc
  • $TEMP/Rank
  • $TEMP/Team
  • $TEMP/Urls
  • MonitoredAlgorithm/Illegal
  • MonitoredAlgorithm/Ir
  • MonitoredAlgorithm/Leather
  • MonitoredAlgorithm/Literacy
  • MonitoredAlgorithm/Mandate
  • MonitoredAlgorithm/Mitsubishi
  • MonitoredAlgorithm/Nc
  • MonitoredAlgorithm/Niger
  • MonitoredAlgorithm/Pairs
  • MonitoredAlgorithm/Rod
  • MonitoredAlgorithm/Springer
  • MonitoredAlgorithm/Toronto
  • MonitoredAlgorithm/Trivia
  • NetscapeTier/Premier
  • StopsPal/Alan
  • StopsPal/Applicants
  • StopsPal/Babes
  • StopsPal/Browsing
  • StopsPal/Cabin
  • StopsPal/Deviation
  • StopsPal/Opens
  • StopsPal/Payroll
  • StopsPal/Pentium
  • StopsPal/Results
  • StopsPal/Sans
  • StopsPal/Such
  • StopsPal/Voip
  • StopsPal/Wma
  • start-main/pthjadh.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • start-main/ptihjawdthas.exe
    .exe windows:4 windows x86 arch:x86
    MD5 0252f8597a857ddcc37d09e38ea5837d
  • start-main/yjadyjasfdtj.exe
    .exe windows:4 windows x86 arch:x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744