General
Target: fud2.exe
Size: 3.2MB
Sample: 241217-hamvdasrcz
MD5: 3dc1d39a2ebeb5dc85da7e8c3d6e3aaa
SHA1: 4cfcddc23cc0949ca620474edef6c82a2c2280d3
SHA256: 5ee53e7e25a03aff5a92dd99804ecc38795f7513437e82be670b9e0b61a98ea4
SHA512: 77dfdb50b408c3e88a18b0aae3eac9e2001f6041b406aef2d298e35cf49b51d921afeb5526930a44dc4e12294cd31c3f9fed74871c8bb0e9989e6a912131a65a
SSDEEP: 49152:tkvXI22SsaNYfdPBldt698dBcjHIGRJ6ybR3LoGdJTHHB72eh2NTC:OvY22SsaNYfdPBldt6+dBcjHIGRJ6sZ
Behavioral tasks
behavioral1: sample fud2.exe, resource win7-20240903-en
behavioral2: sample fud2.exe, resource win10v2004-20241007-en
Malware Config
Extracted family: quasar
Version: 1.4.1
Botnet: hacked-fud1
C2: 192.168.100.10:1412
Mutex: a685d3ed-d174-40b7-9655-c2bfab3ed130
encryption_key: 2A5F3DAC380078962166175BD172DE2D4AA07E26
install_name: fud2.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Microsoft Service
subdirectory: SubDir
Targets
Target: fud2.exe
Signatures:
- Modifies visibility of hidden/system files in Explorer
- Quasar family
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence: Boot or Logon Autostart Execution (1), Registry Run Keys / Startup Folder (1), Scheduled Task/Job (1), Scheduled Task (1)
Privilege Escalation: Boot or Logon Autostart Execution (1), Registry Run Keys / Startup Folder (1), Scheduled Task/Job (1), Scheduled Task (1)
Defense Evasion: Hide Artifacts (1), Hidden Files and Directories (1), Modify Registry (2)