Extracted

• • Target

    sigma.exe

  • Size

    3.1MB

  • MD5

    de0f824e7b0c9bbcfaeda08542365e85

  • SHA1

    0a763f50b32c2168aa95d690bea47e9b6a17079a

  • SHA256

    ae4ad769bf337a6181a3c58c7bb87ab012a2c238833ed3e9bafc67ce11788e84

  • SHA512

    bcbc14d334aa17f2e1ad0a6dcf53dc87e7435eb4c72f55dd837f8384a6458c61168d34129a3270812d4b23650b762af0946b8df3fc2a3d747410271da6bf1875

  • SSDEEP

    49152:Pv6lL26AaNeWgPhlmVqvMQ7XSKmnxOEMkVk/Jx1oGdEVWTHHB72eh2NT:PviL26AaNeWgPhlmVqkQ7XSKmnxQj

  Score

  10^/10

  quasaroffice04discoverypersistenceprivilege_escalationspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  behavioral1