General
- Target: Loli.bat
- Size: 7.3MB
- Sample: 241218-cdmqwsypfp
- MD5: 8a7f2cf2f4a59fc4220c677d3b8df79e
- SHA1: 6bb7854dc78dcb7a5e419e5eec371f4a776bb6a7
- SHA256: 37f8cdab00b96fa1d7f5edd1c0d7ed1c048b7cf0a94b30e4b2fe507dbd69ebff
- SHA512: 15acdd90a51634c1dbfcbee7dd2822742e42c4618e6590e238ac08abbb26c53e3c3e64e98ddb5439c7499af90eca66bb49c7dfeb5b6e01693e4e521fa5edbfc4
- SSDEEP: 49152:ATU9DCJDJw+wDkT1uYtsfLfYJZpXAQfiWBpvuLpCKUYCPFJJ+weKaTYHlFYdWKhL:n
Static task: static1
Behavioral task: behavioral1 (Sample: Loli.bat; Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: Loli.bat; Resource: win10v2004-20241007-en)
Malware Config
Extracted: quasar
- encryption_key: BF83117B79367DC6A2463E499652930B1A20BE7A
- reconnect_delay: 3000
Targets
- Target: Loli.bat (7.3MB)
Signatures:
- Quasar family
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Indicator Removal: Clear Windows Event Logs. Clears Windows Event Logs to hide the activity of an intrusion.
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext