General
Target: Quasar v1.4.1.zip
Size: 17.1MB
Sample: 250118-dgv24s1jgv
MD5: f6a70eeefd9e2b68fa66b9a50f2487bc
SHA1: e28b98c3026fa0ede19019b044ca4fd2a3a3c9c6
SHA256: 39f2d587186436107497b0f2abf4fc221e2fd08a4d8cde88884bef136cab9e3b
SHA512: d94796608409d03279cdf1acc6bc610f0c2d7b7f95873404f97117a49cccc30df58f9bf69b780cb0e004748321e82ce1c3ccccbb7b5c69261bb2b7b7e2b5954a
SSDEEP: 393216:2EiYksB+KVcnDt90HIOMv/uMQwHLuQ8oSmwPcKf87YbhscmPQ:8YR+3PfpX81PPnqPQ
Static task: static1
Malware Config
Targets
- Quasar family
- Quasar payload
- Xmrig family
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext