quasar | 7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1

Analysis

max time kernel
0s
max time network
2s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SeroXen.exe
Size

38.6MB
MD5

89a7d73bad622bbd0b9dfb8e80f8c42e
SHA1

f1ac96f1d956254c6b2209f457355da89c987d8f
SHA256

7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1
SHA512

760e8e7087ac107ec9e12caaa26968142ddd62ddd82d0e6abfcaa35de8f03917323e97147e72b63fb3dca27756726f4f8fa68f89f9e5acc70898c4c4b0a7bdd0
SSDEEP

786432:anvEMOXrlkmTo5oJqpP2jXHUOqL4UoncLbd+fMY4RPHpHCpqBa4CE:anMMIrX05LsT0OqL4Uocd+fM/PlCpqcE

Score

10^/10

quasar spyware themida trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral1/memory/1976-1-0x00000000012E0000-0x0000000003974000-memory.dmp	family_quasar

Themida packer 5 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1976-9-0x000007FEF2250000-0x000007FEF2AAF000-memory.dmp	themida
behavioral1/memory/1976-10-0x000007FEF2250000-0x000007FEF2AAF000-memory.dmp	themida
behavioral1/files/0x00070000000169f5-8.dat	themida
behavioral1/files/0x00070000000169f5-6.dat	themida
behavioral1/memory/1976-13-0x000007FEF2250000-0x000007FEF2AAF000-memory.dmp	themida

C:\Users\Admin\AppData\Local\Temp\SeroXen.exe
"C:\Users\Admin\AppData\Local\Temp\SeroXen.exe"
1⤵
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e598627d-8851-4529-8c98-58e978071e98\C5VM64.dll

Filesize
291KB

MD5
47805116d78b2835b38fafef309c386c

SHA1
adb3fce83b5f0997400aaa5c389f706beb4d801e

SHA256
50b71a346de4e36492a8277332e34d10a3cdc763615b0e52430c6a74a4941525

SHA512
50b50390563179324c35817f4e9189b6bec9e7feb6b0c42a6a47da5c0cd9fbbe408789db2b42eef58d3c8c06211fb82ca8ec322b5a34ce106b08e4edc9759cd6

Download Submit
\Users\Admin\AppData\Local\Temp\e598627d-8851-4529-8c98-58e978071e98\C5VM64.dll

Filesize
192KB

MD5
211c74b63d72224d4ad8b95217721b55

SHA1
5cf1fd97b92f07d046c9409ebc93c7824acb9716

SHA256
0455100cb7a8bb5c267fd76551f13f330bd603ea149dbe7e2569f18ce3cdfd35

SHA512
382f2fff507f192a262759a6a8ea4add35c4f473eeaa327a4a0717a008d8bb26d94bd61afb93c115a39ffd72921c474adadf817ec3c7de3a8fd85345371cdd7f

Download Submit
memory/1976-0-0x000007FEF4C83000-0x000007FEF4C84000-memory.dmp

Filesize
4KB

Download
memory/1976-1-0x00000000012E0000-0x0000000003974000-memory.dmp

Filesize
38.6MB

Download
memory/1976-2-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download
memory/1976-9-0x000007FEF2250000-0x000007FEF2AAF000-memory.dmp

Filesize
8.4MB

Download
memory/1976-11-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download
memory/1976-12-0x000007FEF7010000-0x000007FEF713C000-memory.dmp

Filesize
1.2MB

Download
memory/1976-10-0x000007FEF2250000-0x000007FEF2AAF000-memory.dmp

Filesize
8.4MB

Download
memory/1976-13-0x000007FEF2250000-0x000007FEF2AAF000-memory.dmp

Filesize
8.4MB

Download
memory/1976-14-0x000007FEF4C80000-0x000007FEF566C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads