General

  • Target

    SeroXenPTO.rar

  • Size

    49.5MB

  • Sample

    241226-zql2fszmbp

  • MD5

    540f399062f2e223ff671c7d80eb2474

  • SHA1

    a2027ca68b1703e03a836d8e563b4770d29c5391

  • SHA256

    8ae0f170187701c391a7ef44d957dde423be508bff66e13ad7e375153230011a

  • SHA512

    c47555a5501eb029d390711fec1cb747378e1cfd7d0f968e574295805ac2de58e509cf79ff3da8ddbe94e94e4304e6b39b28acb2a179ef6222c41bed62c894c2

  • SSDEEP

    1572864:uMVF3K/MX3oMWm5c/NrsDL2ZVbdo/Wk+jgIg:132pm5O1ILqc/Wnng
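The hashes above are the only verification handle this report gives. When a copy of the archive or its extracted members turns up elsewhere, confirm it is the same sample before relying on any of the per-file findings below. The script that follows is an added example and is not part of the report or of the sample: it hashes a file with the same four algorithms in one pass, checks a small IOC table transcribed from this page for copy/paste damage (a silently truncated hash turns a match into a miss), and walks an extracted directory reporting SHA256 matches. Only five of the page's SHA256 values are in the table (an assumption about which members are worth pinning; extend it from the rest of the report), and the file name `verify_iocs.py` in the usage note is hypothetical.

```python
import hashlib
import hmac
import os

# SHA256 values transcribed from the report above (five members; extend from the table).
IOC_SHA256 = {
    "SeroXenPTO.rar": "8ae0f170187701c391a7ef44d957dde423be508bff66e13ad7e375153230011a",
    "SeroXenPTO/SeroXen.exe": "7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1",
    "SeroXenPTO/SeroXenPTO.bin": "a601e5352480503c69e2baa53c589a40881051965b4220bed1c17a5b36735b35",
    "SeroXenPTO/PTOAuth.dll": "4287556856619243ab4546046cea447e2481b2e7a1e7a26855f28d49918bfd87",
    "SeroXenPTO/C5VM.dll": "de6f08708b8bc6562828c7787769d14752b2c1ab0b0e9b34b1ed44987bd2f842",
}

# The four digests the report lists for every member.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def validate_ioc_table(table):
    """Return the entry names whose SHA256 is not exactly 64 lowercase hex digits."""
    bad = []
    for name, value in table.items():
        if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
            bad.append(name)
    return bad


def _new_hashers():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digest_bytes(data, chunk_size=1 << 20):
    """Hash an in-memory blob with all four algorithms in a single pass."""
    hashers = _new_hashers()
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Same as digest_bytes but streams from disk, so a 49.5MB archive is not read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_ioc(digests, table=IOC_SHA256):
    """Return the report entry whose SHA256 equals the observed one, or None.

    Case is normalised because tools print hex in either case; compare_digest
    keeps the comparison constant-time, which costs nothing here."""
    observed = digests["sha256"].lower()
    for name, expected in table.items():
        if hmac.compare_digest(observed, expected):
            return name
    return None


def scan_tree(root, table=IOC_SHA256):
    """Walk an extracted archive; return [(relative_path, matched_entry_or_None), ...]."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            results.append((rel, match_ioc(digest_file(full), table)))
    return results


if __name__ == "__main__":
    import sys
    if validate_ioc_table(IOC_SHA256):
        sys.exit("IOC table contains malformed SHA256 values: %r" % validate_ioc_table(IOC_SHA256))
    for rel, hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{('MATCH ' + hit) if hit else 'no match':<40} {rel}")
```

Run it as `python verify_iocs.py <directory the archive was extracted into>`; every file is printed, so a member whose hash does not match (a re-packed or patched build) shows up as "no match" next to its path rather than being silently skipped.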

Targets

    • Target

      SeroXenPTO/BouncyCastle.Crypto.dll

    • Size

      2.7MB

    • MD5

      0b2aa376251567dbdc15b3a2a0d10c65

    • SHA1

      7e88ad9b36d47ec158d38f97e25f1a2a2fce014e

    • SHA256

      e1b52566d7aa215ee5583d5a5d2cfbc6cfdcd881c47c7785318552bcb41b7cff

    • SHA512

      4cd784ea4fa8c51e5d9c9591b06b7b383a9713ed95a6037ff783838116dc0e24674b8e2f3a908b1e8e1dc18869e9ac5deb03ccabe3d17f18ffb13db695ce609c

    • SSDEEP

      49152:UEVmH5OGnsDVHKL54fKXyrJZd6HIksfqjQN/kIUcXYQ3:EH5OGIOsKXjQ3Uc73

    Score
    1/10
    • Target

      SeroXenPTO/C5VM.dll

    • Size

      1.1MB

    • MD5

      37691c7533a9327f520ebe21faa72191

    • SHA1

      328ba7fe8627883bc3e31b7bf1cd317b442a4c08

    • SHA256

      de6f08708b8bc6562828c7787769d14752b2c1ab0b0e9b34b1ed44987bd2f842

    • SHA512

      b6334eba7103a986d4e2c12b38f34d084ce8d6b986ccb9775ec5d623b988546ce97308ddeb0239a5ec25e9d5782a27c777af7f89e757fdd35047723c4a0afdb4

    • SSDEEP

      24576:sR4E2L2p0QUSOuf4bB8BSpCcpsB7cVGKjCMF4X0eHKfuJVPwgiRkj97EJXn8t7k8:YTV/

    Score
    1/10
    • Target

      SeroXenPTO/Cake.Core.dll

    • Size

      111KB

    • MD5

      c547895e4f6a86bf9db103260d5ce792

    • SHA1

      88491d4d711ccf09f50abbe8799afd27cbef5851

    • SHA256

      25fcb11500bffc21f1ae6cf3f5c4ff2e9450f41f01b6b02bcb5873f6f9b279f0

    • SHA512

      29cc3a8ea9986aabd3995fa403b919f6623226a5604ac5e073c5ef90c8c3a75845b098610e472e9e0d1bf2cc197092afc6710f1a17cc8aabc34fa71fa617c41c

    • SSDEEP

      1536:mSopfJvJPMCPGDFeCnyz1QECafmgOJu5a/p4D6mVENcdt6:mHJP5uDF5nEtVegOA5a/p4Z6

    Score
    1/10
    • Target

      SeroXenPTO/Cake.Powershell.dll

    • Size

      24KB

    • MD5

      271c0ad2a4f25c06d437254ad2d91d68

    • SHA1

      dc347e8af6bdf8aaa2017070166e38c73660d195

    • SHA256

      d3494c0a006915c348d57cce502a0e56d01d6dc1631907604e95e7c323d54112

    • SHA512

      92e3cb01d285a93930dec1b76f9184352ba849b413b2568655f2e4a67cd480d2388caaf6b6d8dbbd7e705a693edd850d105c57b39534a352d58036b7323966f8

    • SSDEEP

      384:pR/zbDSq5s/W44uhQrl0qntPMN4GqTPmydIOnDg4ulTGvd:H/zbDSx/Uui5p04fPmEnD1uad

    Score
    1/10
    • Target

      SeroXenPTO/Gma.System.MouseKeyHook.dll

    • Size

      57KB

    • MD5

      0bf4660c28d0ddf365934c1333c62c2d

    • SHA1

      cf6313bf4f36a00f37b546f7cc5afd93a16bd821

    • SHA256

      a62784297ff461a71e549dd75d0437d37b1cf8d2b88305c6c028ced7555213f7

    • SHA512

      2fd46027bb551aab5fc80185d38b391d53eb34e553fe648b908301ef95a8733043f6d3efc80e547fb25adb02bead39b4c73cd9bc4643190dd128b4d36048ce0b

    • SSDEEP

      768:vYnDJGdu2oE3d7ltSl+Y8sCcm8Doi/L0CPw87qquEZ+r3FhuiFJ8Gr:AncoU48/AzPwYpNZ6rXJ8Gr

    Score
    1/10
    • Target

      SeroXenPTO/Logic.NET.dll

    • Size

      472KB

    • MD5

      f7c48e31a7b79a58cdd0a41b6d57147d

    • SHA1

      6cc9ffdd9f5e70330eb12f0aea8bf890b85a2e88

    • SHA256

      adc96b974ab1520ea0a18b7223f2e0084a52fedc4841f4074c738007fcf3b39d

    • SHA512

      d038abb5220a19b588bc1ad76ee10b2bd20fbfd357a5f8ae6d150a6c419648b518865f96f420c000618ec25ebccd143b0cfc91fde4d754ca6d1b10a6a27985ec

    • SSDEEP

      12288:RvVCoVD990usfOlCdXXJy1sw5D99GJuY9HArdoZqqiZm:R8oKdpyuw5D9wJWojgm

    Score
    1/10
    • Target

      SeroXenPTO/Microsoft.VisualStudio.CodeCoverage.Shim.dll

    • Size

      7KB

    • MD5

      dfefa869d2f7675dcbe00beaae68e35b

    • SHA1

      376832c08f93aa72fa240c63debd044426a0519f

    • SHA256

      1b0c98a0ef3ab84d4dac3459bcdde70928eecb02ef4d575d3f264ff054800529

    • SHA512

      c102383f5ce1b92d4b30737e8636cdb0f835aacfb479094c286b7f7f31008064f9229a460aa1e3b03c70db40b0d3d1fc2f9ff0765cba7f4b26b7c13ec06dbae1

    • SSDEEP

      96:CQabibnD54HXPQGxvKAWQDdiDL1Il5SWPTgleSn6WPLYu8G7GX:CqjDofNxCV1I2W7e6WT0

    Score
    1/10
    • Target

      SeroXenPTO/Microsoft.VisualStudio.TestPlatform.MSTest.TestAdapter.dll

    • Size

      124KB

    • MD5

      c462573a9dd520cd2e03652ca0ec9396

    • SHA1

      f872d79e5027b87548d1e6e3cd66c1fe4f0efc88

    • SHA256

      5bfc5abe8bfcf35e4562d4782e5babeb5708db2d8714fd2170212384d2652d9b

    • SHA512

      3b021015e005fbbbcca15e3249833e53715c57d867e7f876c00a5d5943bac3c192a63b02daeefc082b7f16373eb6503da0f8ca5722a272ef6d77df39b9e23320

    • SSDEEP

      3072:19DFl7hiU7MK/C2ZZ6uw2HZRBUDIrmbu+c3B5HZttOPVY7PzaL2CKJ8Yo:9iUAK/CoNHZPULST3B5HZttOPVY77aac

    Score
    1/10
    • Target

      SeroXenPTO/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll

    • Size

      9KB

    • MD5

      4539091fa699d00d9f55bd2281139dad

    • SHA1

      faccb1f6f70ea6fc19d5466b3ee53c660a313aa0

    • SHA256

      bd19ce084093cb05a4186115857fb9d474c40da992a29629333b4b4247a4dedd

    • SHA512

      2bffc4db6f65a33aa925009a64eacc2e995faa82c8aac11edbba9e9b4ddb1de79af4d15e92af7644a62f6343b8170804341069ed791d892e20806499eb855682

    • SSDEEP

      192:uCwc44i5A4vBYfWcUeKD8xJ5zBy/TW0xk:xi5AIBIW+KDq8LW0a

    Score
    1/10
    • Target

      SeroXenPTO/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dll

    • Size

      99KB

    • MD5

      f838683824ebb1b333e7056b529e69d3

    • SHA1

      d268808d3eac421a69ef4bb5b38fd86e65fdbf4b

    • SHA256

      ec9a93948560fd6f5e219e01850946ef94992e18a0309b27d8df5f3420b23ac2

    • SHA512

      d4131748842e149be5a7e75a6b7f362ad572973477c74ca6b21ae276acac6359ac6f7c49d0c6fd770775a77b612ef15fa820ae87cdc285511048fa27271db3c0

    • SSDEEP

      1536:ftdZMxG+d5x8JcNBaVV7nOHzVbKihRauFHQgMNfaElrsff95gUdR16gKAh8W1J:f44cNBSpOHBKihRaEQAEqff9VdRf8AJ

    Score
    1/10
    • Target

      SeroXenPTO/Microsoft.VisualStudio.TestPlatform.TestFramework.Extensions.dll

    • Size

      25KB

    • MD5

      4777abb42cb84efcb672f88ec9c822b9

    • SHA1

      1920baf31c6afd29dd58a570ab6cfde4a2b0e47b

    • SHA256

      772a5b4160b0f68043e1fcf08c05fe6e7db064cc3d8fb967baaca74b52f7685c

    • SHA512

      e39596a6dd6643aa0c4b53d95589133aeafbe0826610c08259407a24620c523d4055ced35c8fac67cd21b8aeea6d19465aaca9d76c3dadca0d2edf228094c5c0

    • SSDEEP

      384:grDjuKfEO77j7K+Hw63UZg+fzlgl8hb4bb/6bQfEKAM29cSaKjmST2ozngxYaWH/:EfuKfVzsgFCQxA5/mWng2O2

    Score
    1/10
    • Target

      SeroXenPTO/Microsoft.VisualStudio.TestPlatform.TestFramework.dll

    • Size

      58KB

    • MD5

      324815abb2445918ef92d6b9ef33cb9f

    • SHA1

      f2c566e4013e97ee86238b4d8c3f1c05134cabd7

    • SHA256

      2c527e9a559da4ffec4c78e535b51d87a73703266428a6464c7fa79cbe706238

    • SHA512

      ddf842da018318baeefcc6c9e291dfaea79f970c1f5ece4b023092833b3ccf9a571c445787e2e45a1835ce8cb6edca120a7c6736521af7bce08b2b4ba2f1813e

    • SSDEEP

      768:kQK6GEpsh6tjavt/VhlPeMHi3klMdARhdhlD7pxva6K8W2FXvhLmiqc0WvnZHXMT:JDGEpNyr/CMfTCpRivvDWN+gqHof0q3V

    Score
    1/10
    • Target

      SeroXenPTO/Mono.Cecil.Mdb.dll

    • Size

      43KB

    • MD5

      308bff23291c88669892a50e65652d76

    • SHA1

      951baafb6ae175722e3285f1908b174a83a77bf0

    • SHA256

      91d67e936fff5d3ac2749c9b13ceebbdea1b3bd4bc24c5cffe55ea9ab4f2eecd

    • SHA512

      85183ee053984d7b94e727860da237f85b06042713841f467d433b4d74875be231e712dece0514bd473078a0b0bddb0803c7cf2c2d7345fa27fe541b3d41a4bd

    • SSDEEP

      768:sr5EYZep98C87KHeBUZwrEF7b+gxfM3AkMus4iWJq9F4CRIcZwMRTIzyAt9U2T:sr59g98C87KHeBUbwgKirbdwMRTzAt9R

    Score
    1/10
    • Target

      SeroXenPTO/Mono.Cecil.Pdb.dll

    • Size

      88KB

    • MD5

      c218304c5a8186312a9360ae28092cf4

    • SHA1

      d6ce633f2d43e1a7efb223604db7763e2c651442

    • SHA256

      7f14d1eb2f0fa845bf1ec4a388024a204ff5ed8ad067740fb0372ff8f0236055

    • SHA512

      a190663d5854e2ca096a8abcb2475d4ba2005cd1d9417d876cf706d1000c474c63e26c2ce52b004e50b5af6744a3f99ef215e51c44c335f43a8e7fbffe172c7b

    • SSDEEP

      1536:qU2qJ+RazRt/Kc4oJiOxFR4NdJF0/RfhF46HAoYKHgPzpS6w7fa1C9rj:t2MRtrfrR+Pe/xAiAzpQ7y1C9rj

    Score
    1/10
    • Target

      SeroXenPTO/Mono.Cecil.Rocks.dll

    • Size

      28KB

    • MD5

      e6195a1f9eb3b2859eded91946cc4e01

    • SHA1

      4eb50da3f54d8acc76e6a84ec5ce11d67418f2bd

    • SHA256

      736e2df0e2365b3d25da3c76783506669b4055477a5b0b0736527985fe6a09d2

    • SHA512

      e0f225f712cbb98dc2adb023ad162bee8a1a572fac5d8c8d1cebd8f2f5d49ee93c684d0393c0af447a68ac15f4cf51cb927af934fac9c682113a7236cd33070a

    • SSDEEP

      384:d0ve8JOuJTiC7n2NwxEXCnjB+RXcMeDz8PmR1ugLoaeuLMBG9UphJAprjEduFLHj:d+meiCyrXOwS8uRssveum1peFLHFBbOa

    Score
    1/10
    • Target

      SeroXenPTO/Mono.Cecil.dll

    • Size

      338KB

    • MD5

      6930ba212fe20aed8da228fc4c9ee3c0

    • SHA1

      bfedc88f33504349c15bbe02a75794a40978af4f

    • SHA256

      2f7af51f2f4daddb812dc0662d1cbcca7709009a50402ab42e93853ce5a5231f

    • SHA512

      4f0f852c36a37762b83a4174f37503becb667924448609c2cbfd7596239d10b5e7ef53bb1214b4f7b4c5cde42d3b9d1a70758ea422c4983b3348ba61e61f1b99

    • SSDEEP

      6144:ZFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyusA:TdfiKI4RzWSyuR

    Score
    1/10
    • Target

      SeroXenPTO/Open.Nat.dll

    • Size

      69KB

    • MD5

      b4a7971e8670909af6c07653b22f826f

    • SHA1

      3d6ff9a071610b6b4b559a746fcebcccf9178f8b

    • SHA256

      bcc97db5c226d251bd77f812ee1f2a02ac8f5d9b90849dfea75bf5285744b4af

    • SHA512

      0a128c6d07fb0054086d49ff8109537632bb09662d2e2e5f5ddd06236aa4bc40ff82a2285cf3e34e2b0ebb6fd11ca120b9cceb56241da757232aff952652da76

    • SSDEEP

      768:uF6vHHLFkywkNh5qtHMjkCifoydVXw5FxusiolecziijiSvD+ZGFa4Pw6OdrGHUI:KGmyJNh0tbt3MLQ9W2rG0YddF

    Score
    1/10
    • Target

      SeroXenPTO/PTOAuth.dll

    • Size

      2.3MB

    • MD5

      ced7e9cdea3c1dceedab64214c6dcb83

    • SHA1

      73da7147478f83db810de4680e1e4fad13281a93

    • SHA256

      4287556856619243ab4546046cea447e2481b2e7a1e7a26855f28d49918bfd87

    • SHA512

      dee3a60236f044b7bee7baa384db5b9ecaa291d83583fa40cbac561e1419a481901a728d632653c150d5588ed29336fd64473e5ec5dbf11e7ca294c8dd278faf

    • SSDEEP

      49152:2COdg51mM0knpovqeMWgzQ41R9aMG9rZRikJNyVAuO2HA:2Jq5EkpEqeMbz9m3RZn/n2g

    Score
    1/10
    • Target

      SeroXenPTO/Quasar.Common.Tests.dll

    • Size

      7KB

    • MD5

      a750cb6b455577ca1f5d7679cd7b3bc3

    • SHA1

      fd74c8f68ef0fa7d10f96289b07b5ba09b18a6a0

    • SHA256

      8d4e1a22b89a247dbfb98f63e82d338b2138630d6ab6b40e2192bc0eaff327d9

    • SHA512

      d18bac37580ae5c88637d497abed6c1bde58706a27e887085045c93c60b374600af356221b4aac4cb3aaa1d605322cfbaba96ee51e4b0c5deda518d333f2c5a4

    • SSDEEP

      96:5W2zmDjGTY4XpsGD/pzLrSS/B4uhCd08ijAm6tuX8G7GXUB9tY:kyTYisMFSS/B7hCd0lGIWUB9O

    Score
    1/10
    • Target

      SeroXenPTO/Quasar.Common.dll

    • Size

      65KB

    • MD5

      2619ca00c128ccfc2b06ccfa461bedde

    • SHA1

      748456ea96142bcd1df3fac6eaf23b91acfc3497

    • SHA256

      fa1a9aec3a7bddd4732462c7dc48eb13fa0e7f0675a739003840be7a8ff8bc9a

    • SHA512

      1615742435669132087a34fec2832f66b6476176c9b4839c5a64299a95c47ca2ffd1fdac015875178eb7d02320cd1ce0090cc908557527f5cf102ca8f38835c5

    • SSDEEP

      768:CiF6Vg9HIxFMu9brfp0kUE0DBTohfDgx/FDgoFzpKZL8EU4+YoIYlYEY7oAaI+wb:O5uz1eMVB9HnMPb0xsCEUa8w5QM

    Score
    1/10
    • Target

      SeroXenPTO/Renci.SshNet.dll

    • Size

      786KB

    • MD5

      38cd4058d861c08800a2a52ab41f929d

    • SHA1

      9f5f747f2bd6bcb75ff2935833c617718fbe39cb

    • SHA256

      57e8f49f8347c5e9444c138846a85868c52829b8ee99f0bde905e4fb3127339f

    • SHA512

      3e0761550179952e60263ecbe803f0fd3ed32c03712e36e4f6cde53d1a039869bb210d04c1c1bda235226d362dc93d290e7f42291822b5daea4247070a891435

    • SSDEEP

      12288:q5lqga6rBEEKAeWgVmfedIASjLrj3xVvPTrPTrQ2irclmKJMElmMSSMs2:SaPEKRGzGc5Dk1fr

    Score
    1/10
    • Target

      SeroXenPTO/SeroXen.exe

    • Size

      38.6MB

    • MD5

      89a7d73bad622bbd0b9dfb8e80f8c42e

    • SHA1

      f1ac96f1d956254c6b2209f457355da89c987d8f

    • SHA256

      7cb37cd110a388998ce95819da915446331f614a5da8d5cfeed953812ada23f1

    • SHA512

      760e8e7087ac107ec9e12caaa26968142ddd62ddd82d0e6abfcaa35de8f03917323e97147e72b63fb3dca27756726f4f8fa68f89f9e5acc70898c4c4b0a7bdd0

    • SSDEEP

      786432:anvEMOXrlkmTo5oJqpP2jXHUOqL4UoncLbd+fMY4RPHpHCpqBa4CE:anMMIrX05LsT0OqL4Uocd+fM/PlCpqcE

    • Quasar RAT

      Quasar is an open-source Remote Access Tool; SeroXen is a commercially distributed derivative of it, which is why the Quasar family and payload signatures fire on SeroXen.exe.

    • Quasar family

    • Quasar payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose vendor-tagged ACPI table subkeys (VBOX__) under HKLM\HARDWARE\ACPI, which VM-aware malware reads before deciding whether to run its payload.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox and virtual-machine environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, a commercial Windows software protector; expect anti-debugging and obfuscated code until the binary is unpacked.

    • Checks whether UAC is enabled

      Commonly done by reading EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with ThreadHideFromDebugger (0x11) stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.

    • Target

      SeroXenPTO/SeroXenPTO.bin

    • Size

      161KB

    • MD5

      839acc7894ecd3b706277a7c754d1ab3

    • SHA1

      03ceb5f2f82b4e2f6a1b41da9300564d78e0b13d

    • SHA256

      a601e5352480503c69e2baa53c589a40881051965b4220bed1c17a5b36735b35

    • SHA512

      46a713c005b2acc8db03023c63073603fc4a10e578429fe3783279e739b57942892ef5332e8ecf72e7157c50ee02ab1f10a3e681399e72b83714730f945314fd

    • SSDEEP

      3072:olAIk5qzYHg7n2BqNX4GECtRBZAk+5mELcWeKbYj5CSqKZb:O0i2BqR4GE6bx4IhKbKU

    Score
    1/10
    • Target

      SeroXenPTO/System.Management.Automation.dll

    • Size

      353KB

    • MD5

      fcdd963b1a3396feddce34580fd3ae1a

    • SHA1

      97f2cccbdfba8dabc478c7c396e3911efeb42b2c

    • SHA256

      45b9f7a9304d95782b7a33c56f244273610b55d09c0cc4606ff0e60a1d691fce

    • SHA512

      5a2000f60269a7fd793a1a6d3a5d72627ec4941f18f56a054b8b44bdd1ee1da894e088c474d89ef122a3a5d423c7d0553ac87a22ed8ff596f6e61bc0c0cf27e8

    • SSDEEP

      3072:3/SDqTIE+QQVVBCTmAG17iT+Lt8D/1L2iLZdrs81sDotEKjRmarzRm+5gSBZqoEA:3/PXS6WK2iLZdgotEKj9rzRmkgSBAotp

    Score
    1/10
    • Target

      SeroXenPTO/System.ValueTuple.dll

    • Size

      62KB

    • MD5

      8263620fe149733bf77dbbc1ed0404d6

    • SHA1

      f33de515add1dfe9d661b715a0320281809e8e56

    • SHA256

      0c4dd509d90986971ff0734d78b0706ce6ee439a0e6486993160939cd4536fdf

    • SHA512

      1a13cb3aed5d5018099d9945a03265f4a52229b77cdbd6d30fa88d2f5dee1231719528e16f196b3a378615f9c7b2b8c12985355ea116a4f79ce0060a074e8cad

    • SSDEEP

      1536:Q784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAa:Q7N1r9KGI04CCAa

    Score
    1/10
    • Target

      SeroXenPTO/Vestris.ResourceLib.dll

    • Size

      77KB

    • MD5

      05a261f82ee764da3538bfe315267c13

    • SHA1

      3d5753a08b28ef4a15e0743ebef206a9e8e9b0bb

    • SHA256

      2025cea895d10ef139c8a15b7dbe44a788527803109916b24418b3f69211a22d

    • SHA512

      8179c33ecc760d74c18583342ade2c9bc3e97ddeaee59470326ea1e4740f40772a22ad321b61149bdd9cc8bf4156d3942009ae9d2fd5ca70ff6780b2e8e70dc6

    • SSDEEP

      1536:KSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7n/:KJYD0Z9FGu11teI1r9ea3/

    Score
    1/10
    • Target

      SeroXenPTO/dnlib.dll

    • Size

      1.1MB

    • MD5

      c044f897673c5d72f631204d36d0dcad

    • SHA1

      6965c721fd730787f505bc6ed630f065b5fcfc19

    • SHA256

      6d6ef70286bdc71c9973aae7069b038bb245ffb83234f98a56359b613810d392

    • SHA512

      5d34825accbbb5afc75fa3932de089430a4184e19f9b35ff7d02e0240445d44e1d8642c0487dd0cfa10791c31696de18cfbee0b626374e7729a428e0de4bb12d

    • SSDEEP

      24576:IHjoaczZfdE55hHl0WQ/OO4yb99MANKtv7f2dcMEE:jm/BQWgwwb

    Score
    1/10
    • Target

      SeroXenPTO/protobuf-net.dll

    • Size

      279KB

    • MD5

      b56edaf753f06bb4d799708df3bca66e

    • SHA1

      e3473ec064a0991312b208f2b905cf46c1975e67

    • SHA256

      ef3c0837dccaaeaf80df19de3bf5b1924afb0dff0971528d0238fc7fab8bc94c

    • SHA512

      817d6c93a5e5a9e4f5e51e0f11728809aea1dea55f484771fed241f3106e4e2963402f7daa6715f2a089a754e4c9c9ccb29f9835ade829dedad9c373cd4f3507

    • SSDEEP

      6144:6kWu4n53u8Q5w+8yxIxM2NUpwMTRHslVzs:H4n5e8kXOMkUp9GlVA

    Score
    1/10
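The SeroXen.exe signatures above (VirtualBox ACPI keys, BIOS information, UAC state) all describe registry reads, so a sandbox operator wants to know whether the analysis VM leaks the strings those reads look for. The Python below is an added example, not code from the report or from the sample: it applies the same three checks to a registry snapshot. The key paths and vendor markers are the ones such checks conventionally use (an assumption; the page does not name the exact keys the sample queries), both snapshots are constructed, and `load_live_snapshot` (Windows only, via the standard `winreg` module) is the hook for taking a real one.

```python
import re

# Registry locations conventionally read by anti-VM / anti-sandbox checks of the
# kind named in the SeroXen.exe signatures. ASSUMPTION: the report does not list
# the exact keys the sample queries; these are the standard ones.
ACPI_TABLE_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT",
    r"HKLM\HARDWARE\ACPI\FADT",
    r"HKLM\HARDWARE\ACPI\RSDT",
)
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate")
UAC_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Vendor strings a VM-aware sample looks for in those locations.
VM_MARKERS = re.compile(r"VBOX|VIRTUALBOX|INNOTEK|ORACLE|VMWARE|QEMU|BOCHS|XEN", re.I)

# Constructed snapshot shaped like a default VirtualBox guest.
# Shape: {key_path: {"__subkeys__": [names], value_name: data}}; REG_MULTI_SZ is a list.
VBOX_SNAPSHOT = {
    ACPI_TABLE_KEYS[0]: {"__subkeys__": ["VBOX__"]},
    ACPI_TABLE_KEYS[1]: {"__subkeys__": ["VBOX__"]},
    ACPI_TABLE_KEYS[2]: {"__subkeys__": ["VBOX__"]},
    BIOS_KEY: {
        "__subkeys__": [],
        "SystemBiosVersion": ["VBOX   - 1", "BIOS Date: 12/01/06"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.14 VBE Adapter"],
        "SystemBiosDate": "12/01/06",
    },
    UAC_KEY: {"__subkeys__": [], "EnableLUA": 1},
}

# Constructed snapshot of a physical host whose vendor strings match nothing above.
BARE_METAL_SNAPSHOT = {
    BIOS_KEY: {
        "__subkeys__": [],
        "SystemBiosVersion": ["LENOVO - 1340", "N2HET60W (1.43 )"],
        "VideoBiosVersion": ["Intel Video BIOS"],
        "SystemBiosDate": "05/19/22",
    },
    UAC_KEY: {"__subkeys__": [], "EnableLUA": 0},
}


def _as_strings(data):
    """Normalise REG_SZ (str) and REG_MULTI_SZ (list) data to a list of strings."""
    if isinstance(data, (list, tuple)):
        return [str(x) for x in data]
    return [str(data)]


def find_vm_artifacts(snapshot):
    """Return (key, value_name, data) triples that would reveal a VM to these checks.

    ACPI hits report the subkey name with value_name "<subkey>"; BIOS hits report
    the individual string that matched."""
    hits = []
    for key in ACPI_TABLE_KEYS:
        for sub in snapshot.get(key, {}).get("__subkeys__", []):
            if VM_MARKERS.search(sub):
                hits.append((key, "<subkey>", sub))
    bios = snapshot.get(BIOS_KEY, {})
    for name in BIOS_VALUES:
        for s in _as_strings(bios.get(name, "")):
            if VM_MARKERS.search(s):
                hits.append((BIOS_KEY, name, s))
    return hits


def uac_enabled(snapshot):
    """Mirror the UAC check: EnableLUA absent or nonzero means UAC is on."""
    value = snapshot.get(UAC_KEY, {}).get("EnableLUA", 1)
    return int(value) != 0


def load_live_snapshot():
    """Windows only: build the same snapshot shape from the live registry."""
    import winreg  # assumption: running on the Windows guest being checked
    snap = {}
    for key in ACPI_TABLE_KEYS + (BIOS_KEY, UAC_KEY):
        path = key.split("\\", 1)[1]  # strip the HKLM\ prefix
        entry = {"__subkeys__": []}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as k:
                n_sub, n_val, _ = winreg.QueryInfoKey(k)
                entry["__subkeys__"] = [winreg.EnumKey(k, i) for i in range(n_sub)]
                for i in range(n_val):
                    name, data, _ = winreg.EnumValue(k, i)
                    entry[name] = data
        except OSError:
            pass  # key absent on this host; treated as no artifact
        snap[key] = entry
    return snap


if __name__ == "__main__":
    for key, name, data in find_vm_artifacts(VBOX_SNAPSHOT):
        print(f"VM artifact: {key} [{name}] = {data!r}")
    print("UAC enabled:", uac_enabled(VBOX_SNAPSHOT))
```

On the VirtualBox-shaped snapshot the three ACPI subkeys and two SMBIOS strings are reported; on the bare-metal one nothing is. Run the same function over `load_live_snapshot()` inside the sandbox guest before detonating a sample like this one: every hit is a string the sample can use to decide not to run, and the fix is to rename or blank those values (or use a hypervisor that does not emit them), not to trust a 1/10 score for the packed binary.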
