General
-
Target
SeroXen_Cracked-main.zip
-
Size
8.2MB
-
Sample
241128-f317cstkfp
-
MD5
be2e38fdf09445fcc563380b34456834
-
SHA1
9576198da00fbfd930f2f9700759e290b793e3c6
-
SHA256
deadf947dc6be85497b30473dcd6ab9a711b2e0a02df847c25f8fd15589a9c8b
-
SHA512
96bcaafcda5bafe1fc9f6db1eb914517f77c4ddf4767689f21ad0910869005e32ba071e0c682d12b7dd4dfff0ae26a0eaa85236aaf9805b4db7050a93af18c0b
-
SSDEEP
196608:Fi1/tl0L6Tt768UDVRNvlzZVUuphoFPgEHB4+7SUTAsI1SMLhs:UVl0Y1686NvpWFSKLI1Ps
Static task
static1
Behavioral task
behavioral1
Sample
SeroXen Crack/SeroXen-install.bat
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
SeroXen Crack/SeroXen-install.bat
Resource
win11-20241007-en
Malware Config
Extracted
quasar
1.0.0.0
v2.2.5 | SeroXen
kimsoylak.ddns.net:4782
2cc9d61f-950d-4f23-b7d5-45d9dda2f256
-
encryption_key
F467D794B2E1081B6AD1EAD5813AFA74F053248D
-
install_name
.exe
-
log_directory
$sxr-Logs
-
reconnect_delay
1
Targets
-
-
Target
SeroXen Crack/SeroXen-install.bat
-
Size
12.6MB
-
MD5
898f49c739026123b6a3811fa31abe70
-
SHA1
31ff6036b40d70d21cb1c4c0163cba0d4c720551
-
SHA256
78b0a14a882dec287c0dc5a294ad02a4a5aaa0d130839d49f282c7d61069471f
-
SHA512
a9aa2bf15db84361f315156ee6386cac49c14c2449a72e2f50b2e0b8d100781019c246c03a38a37d5dfc71a7c1c5451457faba074d1a875cab615ecb8d3e453d
-
SSDEEP
49152:sW7ldCjqzV0qZpSjVbHDGYxqXTQPJee/X5nerh1gnfFijx6ygGSPlPNEIKlfuK1u:i
-
Quasar family
-
Quasar payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes itself
-
Executes dropped EXE
-
Indicator Removal: Clear Windows Event Logs
Clear Windows Event Logs to hide the activity of an intrusion.
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Window
1Indicator Removal
1Clear Windows Event Logs
1