Extracted

• • Target

    33C2ADEBFE2C3ACEDFB34FFFF8151B7D.exe

  • Size

    72.2MB

  • MD5

    33c2adebfe2c3acedfb34ffff8151b7d

  • SHA1

    8e93f7ecafa92017a7d528423574ab5cfeec754a

  • SHA256

    773e13fffd0842e717ce55e2a678da37123c55186f9c92460c671261b1654ffd

  • SHA512

    6f545b4da55412ec78de6d1c3bddbcc6bb857b7d13b15fe4bb832259dbe1842d44a02b46395233c23ca57abd34239226a60c9f7ee26fcf82ba383a836f8d61ad

  • SSDEEP

    1572864:yIWs/6+mI5n17YTIytz8ATFiQiFGaaoE13gIFxXtzM/zMfCOA6Z:ssJmIBiTvR8UFiQYGvoq35FVEeCOr

  Score

  10^/10

  quasaroffice04discoverypersistenceprivilege_escalationspywaretrojanupx

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Downloads MZ/PE file

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2