quasar | da3d1081146490256d4f9a915346aacd2798ceb25bbfac7fb0712633d01df614 | Triage

Sharing

General

Target

autodist_proproctor_M2.zip
Size

12.7MB
Sample

241113-vqjtwawcng
MD5

79e16be058aebef738d903f58c47d15a
SHA1

c525be68407f85dc8bc81dfe5e9127fc57d33efc
SHA256

da3d1081146490256d4f9a915346aacd2798ceb25bbfac7fb0712633d01df614
SHA512

bad71405fe43d05ef966f19e45d05ec38123f99e2680acc713a8711e9506ccc9339e19b80c6bab29e6b67c99a74dcfc644ceb4e1c76a566f4ce183ebb79b83e8
SSDEEP

393216:OEy8XJ+hbq//9eM2m5ojIYxavz7s7mdTSi65Y:Ny8XwqteM2m5oj1+3EgTn65Y

Score

10^/10

quasar evasion trojan

Malware Config

Targets

- Target
  
  autodist_proproctor_M2.zip
- Size
  
  12.7MB
- MD5
  
  79e16be058aebef738d903f58c47d15a
- SHA1
  
  c525be68407f85dc8bc81dfe5e9127fc57d33efc
- SHA256
  
  da3d1081146490256d4f9a915346aacd2798ceb25bbfac7fb0712633d01df614
- SHA512
  
  bad71405fe43d05ef966f19e45d05ec38123f99e2680acc713a8711e9506ccc9339e19b80c6bab29e6b67c99a74dcfc644ceb4e1c76a566f4ce183ebb79b83e8
- SSDEEP
  
  393216:OEy8XJ+hbq//9eM2m5ojIYxavz7s7mdTSi65Y:Ny8XwqteM2m5oj1+3EgTn65Y
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1