General
-
Target
FUD RAT___Obfuscated.bat
-
Size
463B
-
Sample
241224-vy5fjsspfs
-
MD5
a9fdda2577ff67660be21d0d4cd98179
-
SHA1
15432871fed4cbb19ec26eaabcc6b193beebbbfb
-
SHA256
8f18705cf5653667888ea5f2440e984d22c5207e7e5e2fccb68e7ad71f58bb83
-
SHA512
0f43e8b47bdd9d1a2ce65db49868f7698b83bcb5f8d249a29078793e5ca48d75bf8ce99dae00f772c28b766ac761040c0113d9034e7e7d35efb75b39eca5153d
Static task
static1
Behavioral task
behavioral1
Sample
FUD RAT___Obfuscated.bat
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
FUD RAT___Obfuscated.bat
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://whatsabool.online/kingvonpiracyvirus/load.exe
Extracted
quasar
1.4.1
Dumb Niggas
85.209.133.15:111
95ddd19c-037b-4e62-8c64-298b31d663b8
-
encryption_key
04FB780AC53244A8569349610FCC9CFEE3EEB90D
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
system
-
subdirectory
SubDir
Targets
-
-
Target
FUD RAT___Obfuscated.bat
Score
10/10
-
Quasar family
-
Quasar payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-