General

  • Target

    cdf9cce1b044f8b50b423e61c390ba52b73e1eb274dfce1c2691772570bd601eN.exe

  • Size

    498KB

  • Sample

    241206-z1ep5axngs

  • MD5

    415ec6480b4bf02f81f5e9ea21febf30

  • SHA1

    23d1ddacf0f510156075604b30059fde9934410b

  • SHA256

    cdf9cce1b044f8b50b423e61c390ba52b73e1eb274dfce1c2691772570bd601e

  • SHA512

    c7742a551b96f4aebd372c27dcaeab885eff590c4b2d3273d4c89675f8776a66219a1261f25520e008f15ba3f9b1c3085931efc91f41338fae2e09a51cf7c48a

  • SSDEEP

    12288:3bTrOWFYTzFpaioEoKibiDfq1NznYtK++0AY8fV2Ex82HzlGnmtwa4JwaC1rFDZM:rOWFepgio59nMKj0ABV2+Y7J1

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
