Extracted

Extracted

Extracted

• • Target

    Client-built.exe

  • Size

    3.1MB

  • MD5

    06852863597eb1bd83b37bb3b41c98d5

  • SHA1

    d11647b959e42ea8d5faa39db64410e529935176

  • SHA256

    a46695be041bc840e85bfe04c10149437ebf8a756aa1a000e8cb27b99b88eb74

  • SHA512

    9cecea8664556ba436b6e8d6d1b5fdcd6bb72a86ab6d697f663fe6f215e4fe0bf3e4b893fa88a5495fdd814e4567348cd2c92564894f1d6914b54b9de8060c6c

  • SSDEEP

    49152:WvbI22SsaNYfdPBldt698dBcjHts9qBbR0LoGdYCTHHB72eh2NT:Wvk22SsaNYfdPBldt6+dBcjHtSqi

  Score

  10^/10

  quasaroffice04spywaretrojanasyncratv15.4.1 | venomvenom clientsdefense_evasiondiscoveryratstealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Asyncrat family

    asyncrat

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Hide Artifacts: Hidden Window

    Windows that would typically be displayed when an application carries out an operation can be hidden.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2