Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    CMMON32.exe

  • Size

    7.9MB

  • MD5

    79c02f84f1618db1afcbddbb6bb6d797

  • SHA1

    6220b2e090b0987290197449361fd2bb954fcc87

  • SHA256

    c13cc014e521bf589bb1320d3fc5f6f673165d7b430ad4bc9849b9b46529dc9d

  • SHA512

    3ef54cc01a53ae499516a99c5374f4b97f710352e92ac818985b4595e9036888c2d44d1ae39d9d5718d4c20f51232a7ad80fbe662cb515626afa0031d0c5017e

  • SSDEEP

    196608:IsuvoQSD/MPz9wo4QesfpkwCA0X40G+C4ypCui/:luvoQ2/mwo4hsunXlqCd

  Score

  7^/10

  discovery

  • Executes dropped EXE

  behavioral1

• • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    bca741ae4859002713ab829f3441b08d

  • SHA1

    af7c685905258533ae74ce19bc00d164857f4d9a

  • SHA256

    c3669fd2b8ecf9cca3008052d31d8e9fba6b975f7bafb5fc132a4310ab582bd1

  • SHA512

    a0b0bf14019ea3956060f98bbbdd214c3727677e1f3f50a9a5ada7cf8a864c981491b2298846354a9bc9ed9b179ab56b63bcd899f9cf6d9b2c44cdbf93c1ea43

  • SSDEEP

    49152:HvyI22SsaNYfdPBldt698dBcjHpruwBSoGdrTHHB72eh2NT:Hvf22SsaNYfdPBldt6+dBcjHpawg

  Score

  10^/10

  quasaroffice04spywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  behavioral2

• • Target

    CraxsRatV7.6.exe

  • Size

    227KB

  • MD5

    c45c1b19507bfdef83cee67ce32602ea

  • SHA1

    1fe3b295339d9cfbcf933376ddddc354eded894f

  • SHA256

    d2d7e459a6672f39385a3a20ca4fffd45a9cc136ed401a6757d26aa54c807d01

  • SHA512

    1cf01f3139d68c8200a7c061c40ea470a61b6d7a4ac3808e19f0e12c0c01b9a5cc35187025a5004fe6be43986e832eaedf3fd7cbae9e2d612afda49d4af5809a

  • SSDEEP

    3072:igccLCv4pNzrQLZQdahMyVXMBG0FOg1zxMrb+oft7Gfu4sBrMw4eojPGaT5QKk:iYbpNzrUyahL5D

  Score

  3^/10

  discovery
  behavioral3

• • Target

    FivemCheat.exe

  • Size

    3.1MB

  • MD5

    60a612de44dbb71958d82422ff819e7b

  • SHA1

    0c7f623b0b30e76427d199412b8393105abea13b

  • SHA256

    9cbd8ea7f253ce4f8f8d2acaae5eee3d2c1c623ccccd0d82760a86c2a3ef80ed

  • SHA512

    4560ecb28ad10657f92144453bdefb3c0a753e9be71a1ef69fba6c16d0e09944c9b0b2b014d410d8bdc50e2427a10e883b4e1e9a78b072fa63053941c088984c

  • SSDEEP

    49152:3vyI22SsaNYfdPBldt698dBcjHq23iqwarkgoGdQ6THHB72eh2NT:3vf22SsaNYfdPBldt6+dBcjH3yqx

  Score

  10^/10

  quasarfivemcheat5spywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Executes dropped EXE

  behavioral4

• • Target

    QuantumBuilder.exe

  • Size

    506KB

  • MD5

    e5fb57e8214483fd395bd431cb3d1c4b

  • SHA1

    60e22fc9e0068c8156462f003760efdcac82766b

  • SHA256

    e389fc5782f754918a10b020adcd8faa11c25658b8d6f8cbc49f9ac3a7637684

  • SHA512

    dc2ed0421db7dd5a3afeacb6a9f5017c97fc07d0b2d1745b50ede50087a58245d31d6669077a672b32541dbfa233ef87260a37be48de3bd407d8c587fc903d89

  • SSDEEP

    12288:zrUQw+2uPHL2hWsL94HPkH+oG7kSKT5T:wVuPr2hWsL94y+oG1K5

  Score

  10^/10

  redlinediscoveryinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline
  behavioral5

• • Target

    R2Tf11dq2.exe

  • Size

    12.6MB

  • MD5

    8a730916c93407c4b36e268918fd44e7

  • SHA1

    c08a8ca96e78d0d4279270a1ea4cf92d7e8f9bad

  • SHA256

    32693c669408671a06dd4aab4971a0e779a1c8bbe76b2d0f12f6f995f0cc1f01

  • SHA512

    03ed7715ab1f7adf8f2b2d9185b5be96fd0c09fb73659f7df8602b93045fa1f6af032ce543fde8da011112c9de62a43ceed15e4d5ab2a972511a3bd47e9ff951

  • SSDEEP

    196608:H4U7jbJjEQwFxWMkBZoW6yNrYc1T/1W3n2jowKL7+lmZg+Cjt5P5bJk:PjEQwFxWrovyNsYWjxL7+lmu+Cjn9J

  Score

  10^/10

  quasarougo80.sysdiscoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral6

• • Target

    System.exe

  • Size

    3.1MB

  • MD5

    e80f9a2d968a10ce2bbd655666befe8c

  • SHA1

    d56125da872bda98b592df56baf7fbfdeff94b6d

  • SHA256

    95f172a69bb9e7310bf636d76e310ec9603601e488473f2bdfe3c0e7dd2b9667

  • SHA512

    9bd6e745142143509f64c0239c9e535985c53d5e28ce4fb328f1e4b354c52f081c0545fe80549754a54857338e9b32ac2dfcab5379bca70f05907a55ae10d04c

  • SSDEEP

    49152:Bvuuf2NUaNmwzPWlvdaKM7ZxTwKKoZ2jmZv9oGuDFTHHB72eh2NT:BvJf2NUaNmwzPWlvdaB7ZxTwJoZ2I

  Score

  10^/10

  quasarbotnetspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Executes dropped EXE

  behavioral7

• • Target

    kinginamoV2.exe

  • Size

    7KB

  • MD5

    d0d5849e7f27c75fc633836f78c4f08c

  • SHA1

    88d8481a78cf1b1d9f9da57dcb3ea3f29fe50b31

  • SHA256

    a9e14a63608039296ba653d46ac52f5b2849cd1676e44a4167f5c75b08e92744

  • SHA512

    219b7449565398b31da5a7941524edd01581268ddf100bbc7e838da7b15e82a4754ee21cf6a78ad81e33dbaf6b5a7363973ed1558eb1f16788f2d7eb80274f0d

  • SSDEEP

    24:eFGStrJ9u0/6D+nZdkBQAVR1YRwKZqQ/eNDMSCvOXpmB:is0qWkBQiqRwCSD9C2kB

  Score

  10^/10

  metasploitbackdoortrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit
  behavioral8

• • Target

    robloxfischscriptlist.exe

  • Size

    348KB

  • MD5

    548fa12c57a2af723d85d90a4a8a6611

  • SHA1

    b149e2c987cf1c584b94bb752bd81b27cde7f83b

  • SHA256

    a591429743ce96a0c4b8d7e86130c3a61505cde949e9996b15117f6ab85a2b85

  • SHA512

    3dc814d8ea98219444800ddffb6ff885fca45b8e305022156ea1620a09c5667a53d115225e4ef60448121797a4f383891cfd61b8bdc2bad61cc42828d0d7a217

  • SSDEEP

    6144:MmNHXf500MbsOnxaxfROEUbDgosLDqvJq9v7IHPnW:Td50iOnvEViJq9TIvnW

  Score

  10^/10

  quasarclintdiscoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral9

• • Target

    robloxlist.exe

  • Size

    348KB

  • MD5

    cc0ce734de3f88924449b16df0c92911

  • SHA1

    af48aa8c33b0d8f0757f9abe8938aa66dfa9a588

  • SHA256

    da59a47ae6bde91de01f45a7c3ba4217bd91b4cb0087d58ed4e10eea50866e49

  • SHA512

    c92a607b979a3013426ef181daced2792b451180d196078342dd64dcc6496cc98c824a67b60a7073f527ac905e12d62d61651b576e26a1921e60869c85bcd6b0

  • SSDEEP

    6144:8uwb/c2L0t5kiOW9ubBcz7b3Ga66b2SO:7H2L5ly6czv3GalbJO

  Score

  10^/10

  quasarclintdiscoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral10