Extracted

• • Target

    applecleaner (1).exe

  • Size

    6.7MB

  • MD5

    cad8354da177706b2d48dd9d0642d9f0

  • SHA1

    ea69a1e3cf00894543bb40f5ee4251439e3b2252

  • SHA256

    62fc499b88eeb0334509ede6bba0f67dcdce5eb7954e5cbd2adfaabc0e2d405e

  • SHA512

    f9dc85730ee4e729358a9acf3d5ace4aa146f16736dd368308c2feb4ee876d0a60b586907aa556ea357459eeb2c678451667ae4bb5dee3e94c2ca39719945f78

  • SSDEEP

    196608:3pm+PJQbtnYGscd8rQcDw9Le+3L+cES9SDI:3pm2MnYG96jR+3LM

  Score

  10^/10

  quasarretiggadefense_evasiondiscoveryevasionspywarethemidatrojanpersistenceprivilege_escalation

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Modifies Windows Firewall

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops desktop.ini file(s)

  • Network Service Discovery

    Attempt to gather information on host's network.

    discovery

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion

  • Checks system information in the registry

    System information is often read in order to detect sandboxing environments.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2behavioral3