General
-
Target
builder.bat
-
Size
14.9MB
-
Sample
241030-mpjhqazpd1
-
MD5
70a53c5ec35eefae927a0c413a89937a
-
SHA1
1bc9a22903968bfc05b87c1082a5c4242802d4dd
-
SHA256
a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d
-
SHA512
c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae
-
SSDEEP
49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S
Static task
static1
Behavioral task
behavioral1
Sample
builder.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
builder.bat
Resource
win10ltsc2021-20241023-en
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Targets
-
-
Target
builder.bat
-
Size
14.9MB
-
MD5
70a53c5ec35eefae927a0c413a89937a
-
SHA1
1bc9a22903968bfc05b87c1082a5c4242802d4dd
-
SHA256
a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d
-
SHA512
c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae
-
SSDEEP
49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S
Score10/10-
Quasar family
-
Quasar payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-