General

  • Target

    builder.bat

  • Size

    14.9MB

  • Sample

    241030-mpjhqazpd1

  • MD5

    70a53c5ec35eefae927a0c413a89937a

  • SHA1

    1bc9a22903968bfc05b87c1082a5c4242802d4dd

  • SHA256

    a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d

  • SHA512

    c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae

  • SSDEEP

    49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      builder.bat

    • Size

      14.9MB

    • MD5

      70a53c5ec35eefae927a0c413a89937a

    • SHA1

      1bc9a22903968bfc05b87c1082a5c4242802d4dd

    • SHA256

      a7aa6fa77e4931544a6966ef435400c52a79af300a548aca4e9c67f72218ac2d

    • SHA512

      c712f2b98b0eb8c4808e4abcee0cc6100fc3e7d445f40208da0429b754148f190083ce247f183bb112083c15b06f466cbe573fe01f47de3d7958d8624e8d9aae

    • SSDEEP

      49152:QYwuS617ST7nN2d57VTqUTm0AmK0jEHD5FQ/9gsyuEgPXiGncZwPnzLO1WtJHFi7:S

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks