Extracted

• • Target

    3394df243b24f41c13e7c1e37be4285ff662cd969fa653f377b1f984ee474a0b.bat

  • Size

    3.4MB

  • MD5

    f06fd82f34a91ec7ec3a2f242daa5699

  • SHA1

    31625c87b890569ab23b1556d37400deefbbe03c

  • SHA256

    3394df243b24f41c13e7c1e37be4285ff662cd969fa653f377b1f984ee474a0b

  • SHA512

    31b7e30d6d3194eb83619b8006d38a87e4cb807aadc284f1c4acc5c03f701a154bad50a13a730b211443f9730c46e15b13c00f4b3994b53261efc17fd685b50a

  • SSDEEP

    24576:ouCQ1lZkZ4Cs5O1MvmcQX4oZZtOHiBmXj5vAj/oSpaCj76RzfkvS9GnWN+uuQG48:+EHLmI4OH9mjra3avfWIdW1M399qlY

  Score

  10^/10

  executionquasardiscoveryspywaretrojan

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar

  • Quasar family

    quasar

  • Quasar payload

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Command and Scripting Interpreter: PowerShell

    Start PowerShell.

    execution

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2