General

  • Target

    Zeno-Loader.bat

  • Size

    7.2MB

  • Sample

    250105-1ecjbaynem

  • MD5

    72d00f0024897e8f1df20016101ab45a

  • SHA1

    af3ed84e2ed1de471e4773fb6d06aa0fc1ee0f6c

  • SHA256

    67dfd63675918029facddae2fffc7573597922fbaa18c39d59a22b226d37f881

  • SHA512

    6fe39ed252674f0ff775786aeab76d2decfa289f88cea0422f58d29a5d8a4890906ddef72038b1f652a108c3d3c40ac9dedcf2b4696ba89b10063f41409ba13c

  • SSDEEP

    49152:gMILTqFg07h0GJm30wMjiN7lAMOLSp3q2iK2JxEaaqNaUhAFCuMtZiXC8s2FDFkg:G

Malware Config

Extracted

Family

quasar

Attributes

  • encryption_key

    BF83117B79367DC6A2463E499652930B1A20BE7A

  • reconnect_delay

    3000

Targets

    • Target

      Zeno-Loader.bat

    • Quasar RAT

      Quasar is an open-source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks