General
-
Target
SlottedAimV2.exe
-
Size
7.0MB
-
Sample
241122-epv8hstqet
-
MD5
decace854bd66eba96581505cbb1f785
-
SHA1
dfd6824e2db3a2ebb89208f0e5f69e6cc1661da6
-
SHA256
ebbdf48aafe6c046eca7512a4e764629559392147518fdf2917751a891bfcd5d
-
SHA512
e55f8afc9a36913aaa24932a94b82100a53accd4f5d8865fc207c9b50c607efa259115d53d5926e0b45c99c0b9dece02996a6b8db5d365af122ccbcdd69823c8
-
SSDEEP
196608:WrSUf0qyleOjmFQR4MVGFtwLPCnL2hVcL:PVXKtM5LPCGcL
Behavioral task
behavioral1
Sample
SlottedAimV2.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
SlottedAimV2.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
quasar
1.3.0.0
FORTNITE
hanekese.ddns.net:1005
QSR_MUTEX_uKpgto5HxTzlVefHo9
-
encryption_key
RayN5IunUgPITKqRBUZA
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
mac updater
-
subdirectory
SubDir
Targets
-
-
Target
SlottedAimV2.exe
-
Size
7.0MB
-
MD5
decace854bd66eba96581505cbb1f785
-
SHA1
dfd6824e2db3a2ebb89208f0e5f69e6cc1661da6
-
SHA256
ebbdf48aafe6c046eca7512a4e764629559392147518fdf2917751a891bfcd5d
-
SHA512
e55f8afc9a36913aaa24932a94b82100a53accd4f5d8865fc207c9b50c607efa259115d53d5926e0b45c99c0b9dece02996a6b8db5d365af122ccbcdd69823c8
-
SSDEEP
196608:WrSUf0qyleOjmFQR4MVGFtwLPCnL2hVcL:PVXKtM5LPCGcL
-
Quasar family
-
Quasar payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3Discovery
Browser Information Discovery
1Process Discovery
1Query Registry
1Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
2Internet Connection Discovery
1Wi-Fi Discovery
1