Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/L...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/LinodeArmyKnife/naive-stealer

  • Sample

    241230-anq5ys1pew

Score
10/10
quasarv15.6.3 | xendefense_evasiondiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v15.6.3 | xen

C2

studies-royal.at.ply.gg:31849

usa-departments.at.ply.gg:37274

category-in.at.ply.gg:42204
Mutex

bd62476d-8a2b-4e05-a8e5-68cc94baac4f

Attributes
  • encryption_key

    AA41DD5506DCFCA6EE3BF934CC3C9319F80E5E10

  • install_name

    .exe

  • log_directory

    $sxr-Logs

  • reconnect_delay

    5000

  • startup_key

    $sxr-seroxen

Targets

    • Target

      https://github.com/LinodeArmyKnife/naive-stealer

    Score
    10/10
    quasarv15.6.3 | xendefense_evasiondiscoveryspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

      defense_evasion

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks