Extracted

• • Target

    mielda loco 12.exe

  • Size

    3.1MB

  • MD5

    4ae7ab9b981922837aae1c86c7f726a3

  • SHA1

    1783e0788fb2a103d71bc9a05ae2fb85c0d70ee9

  • SHA256

    b1b8ad9032b829e2ac3956ce8f302745802cd2d5ae686c700796e2f2ee81b0f7

  • SHA512

    79c4bf39ae1761414b5f37186c2483a4b8755168824d6e783ea9cab26e7c0118f391b6417c622b65ea3ac3924ae745a6abe4838ca1d87671898ad90ae9a18e58

  • SSDEEP

    49152:Cv+lL26AaNeWgPhlmVqvMQ7XSK6v9y/ZBxOPoGdexMTHHB72eh2NT:CvuL26AaNeWgPhlmVqkQ7XSK64/M2

  Score

  10^/10

  quasaroffice04discoverypersistencephishingprivilege_escalationspywarestealertrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • A potential corporate email address has been identified in the URL: [email protected]

    phishing

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1