Overview

overview

10

Static

static

10

SeroXen.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    2s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26-12-2024 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SeroXen.exe

  • Size

    38.6MB

  • MD5

    89a7d73bad622bbd0b9dfb8e80f8c42e

  • SHA1

    f1ac96f1d956254c6b2209f457355da89c987d8f

  • SHA256

    7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1

  • SHA512

    760e8e7087ac107ec9e12caaa26968142ddd62ddd82d0e6abfcaa35de8f03917323e97147e72b63fb3dca27756726f4f8fa68f89f9e5acc70898c4c4b0a7bdd0

  • SSDEEP

    786432:anvEMOXrlkmTo5oJqpP2jXHUOqL4UoncLbd+fMY4RPHpHCpqBa4CE:anMMIrX05LsT0OqL4Uocd+fM/PlCpqcE

Score
10/10
quasarevasionspywarethemidatrojan

Malware Config

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SeroXen.exe
    "C:\Users\Admin\AppData\Local\Temp\SeroXen.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:5628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e598627d-8851-4529-8c98-58e978071e98\C5VM64.dll
    Filesize

    3.0MB

    MD5

    e3bd88b3c3e9b33dfa72c814f8826cff

    SHA1

    6d220c9eb7ee695f2b9dec261941bed59cac15e4

    SHA256

    28e9458a43e5d86a341590eaa83d0da18c29fce81f2383d84bda484e049a1796

    SHA512

    fcb7e384b5bda0f810c4b6190a991bd066eedfc8fc97af9837cda1ba480385c8bc09bd703c1029f9d8d8a3eea3dbc03af97b014b4713a4ceea6ad6ae85b3b6e9

    Download Submit

  • memory/5628-0-0x00007FFFB4833000-0x00007FFFB4835000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5628-1-0x000001D348AD0000-0x000001D34B164000-memory.dmp

    Filesize

    38.6MB

    Download

  • memory/5628-2-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5628-10-0x00007FFFAB9D0000-0x00007FFFAC22F000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/5628-9-0x00007FFFAB9D0000-0x00007FFFAC22F000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/5628-11-0x00007FFFC6030000-0x00007FFFC617F000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/5628-12-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/5628-13-0x00007FFFAB9D0000-0x00007FFFAC22F000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/5628-14-0x00007FFFB4830000-0x00007FFFB52F2000-memory.dmp

    Filesize

    10.8MB

    Download