quasar | 7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1 | Triage

Submit
Reports

Overview

overview

Static

static

SeroXen.exe

windows11-21h2-x64

Sharing

General

Target

SeroXen.exe
Size

38.6MB
Sample

241226-zq9shszmek
MD5

89a7d73bad622bbd0b9dfb8e80f8c42e
SHA1

f1ac96f1d956254c6b2209f457355da89c987d8f
SHA256

7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1
SHA512

760e8e7087ac107ec9e12caaa26968142ddd62ddd82d0e6abfcaa35de8f03917323e97147e72b63fb3dca27756726f4f8fa68f89f9e5acc70898c4c4b0a7bdd0
SSDEEP

786432:anvEMOXrlkmTo5oJqpP2jXHUOqL4UoncLbd+fMY4RPHpHCpqBa4CE:anMMIrX05LsT0OqL4Uocd+fM/PlCpqcE

Score

10^/10

quasar evasion spyware themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SeroXen.exe

Resource

win11-20241007-en

quasar evasion spyware themida trojan

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SeroXen.exe
- Size
  
  38.6MB
- MD5
  
  89a7d73bad622bbd0b9dfb8e80f8c42e
- SHA1
  
  f1ac96f1d956254c6b2209f457355da89c987d8f
- SHA256
  
  7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1
- SHA512
  
  760e8e7087ac107ec9e12caaa26968142ddd62ddd82d0e6abfcaa35de8f03917323e97147e72b63fb3dca27756726f4f8fa68f89f9e5acc70898c4c4b0a7bdd0
- SSDEEP
  
  786432:anvEMOXrlkmTo5oJqpP2jXHUOqL4UoncLbd+fMY4RPHpHCpqBa4CE:anMMIrX05LsT0OqL4Uocd+fM/PlCpqcE
Score

10^/10

quasar evasion spyware themida trojan
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

quasarevasionspywarethemidatrojan

© 2018-2024

Terms | Privacy