Overview

overview

10

Static

static

10

Cryptor/Cl...lt.exe

windows7-x64

10

Cryptor/Cl...lt.exe

windows10-2004-x64

10

Cryptor/Cryptor.exe

windows7-x64

5

Cryptor/Cryptor.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cryptor.rar

  • Size

    2.4MB

  • Sample

    241228-f47erswqap

  • MD5

    ef9f68af5f34a034d845dad9bdd07ea0

  • SHA1

    3b49d6f588c159edd24f9141d9022e7b48c4ca40

  • SHA256

    3c929d7c2dfe5638f93422aa26f6b6ef06624d0f8daa49887db9aac351d7b9d4

  • SHA512

    22055cb369163c9d2f568597cdfec0d6e966f7c570ee8d7317c51a557cc82359dc20e0eb6db7a75be358fdec7bb3b13e7a18ddc572da962dc9fcf31197898531

  • SSDEEP

    49152:TBYnZhZAnf0ELHn8173pGCxrdqO+MuM4x+OBx4grZO1qiWbvPvQIaa2NQ:dYnZkMqctpRxrdq7Q4trXO1M7Q42NQ

Score
10/10
lucastealerquasaroffice04credential_accessexecutionspywarestealertrojanupx

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

127.0.0.1:4782

Mutex

b8be2b57-3322-4df8-967c-65aedf2d425d

Attributes
  • encryption_key

    5871F8D84AF9E4D8F5ABACF2A5DD66E256B5A672

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      Cryptor/Client-built.exe

    • Size

      3.1MB

    • MD5

      ffde80003bb39e45f92460a84b343771

    • SHA1

      1ada86e287115526fc12d74865de3ca0c59c8c08

    • SHA256

      e057b678ff3bca92b8672af195249608bcb56cfd01c1980d14b7c3e4d6952c8b

    • SHA512

      4ae9adb21f511b1d114d5258d24d5b138a387149c593ed0743ad644ddb9461a248919ed305dbaae6b9beed9ed4525f8ad23a653c4b6507e7a021ea05a35961b4

    • SSDEEP

      49152:uvRt62XlaSFNWPjljiFa2RoUYI9yL37ar1LoGdZ+47UTHHB72eh2NT:uvb62XlaSFNWPjljiFXRoUYIA3O

    Score
    10/10
    quasaroffice04spywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    behavioral1behavioral2

    • Target

      Cryptor/Cryptor.exe

    • Size

      1.4MB

    • MD5

      be8d7f63ae91ef58a4853e9c5de5a5ff

    • SHA1

      939236b40db18617f1dc9c603d50338f1145fdf7

    • SHA256

      8f992b2af11e47c2bb264da9ee9089a90b9aa3566513d8e9128a4d0972d99724

    • SHA512

      bfac67fd683ef0dc433c42cfce0066933344f728fe93b4cc9aeec30af27402f959534fb04fd5ca0fc2e4bfa87732091368b96b3340730c210dae6e480d0c1262

    • SSDEEP

      24576:u4S0Ghs4lzScgXF+7LHYo1wT/nQiHQTeSQzhEdCf9AGwAFbEEvtIwH9vx4mb5xpN:rrGWESTVpoO/nkSJzhEm9brvKwH9amJN

    Score
    10/10
    upxlucastealercredential_accessexecutionspywarestealer

    • Luca Stealer

      Info stealer written in Rust first seen in July 2022.

      stealerlucastealer

    • Luca Stealer payload

    • Lucastealer family

      lucastealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks