General

  • Target

    BPLogger-main.zip

  • Size

    1.2MB

  • Sample

    250131-e1jc4azrcm

  • MD5

    4f70daa5c48d5a22396f065a816f9b41

  • SHA1

    da08c8711ef8aac407f460e1c8f3f24f53fc81c2

  • SHA256

    77153049f33480d1b665c68aa0732e531f963f9acb04b9e016baafeca3b54dd8

  • SHA512

    dc233af831e31e3e720edb1eeffe36ac2e887f1d048fb8c9a25b5a64c840b68babf8d19b85bcb704f278b7e4edd709d32a6df5d50ed546bafc757d50e07e9c42

  • SSDEEP

    24576:3kjLFxQGJiip1cakQYJu+W4JBuMADnTy4J7aEJk4YfXnDb0FbBpbKEXENPcfVc:UPrQGpEBdJdJBuMqnZJ7aEIfXnDbcbBy

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

wefdwef-34180.portmap.host:34180

Mutex

c4be1726-3f86-4f80-bc7c-0779b06ffeeb

Attributes
  • encryption_key

    97BF1FDCF446A7218FA05296FD8D8F0C41A6B1E7

  • install_name

    Bootstrapper.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Spotify

  • subdirectory

    system32
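
The extracted configuration above maps directly onto host and network artifacts: `startup_key` is the value name Quasar writes under the Run key for persistence, `subdirectory`\`install_name` is the tail of the dropped binary's path (the install root is not part of this extraction), `C2` gives the hostname and port, and `reconnect_delay` (milliseconds) is the pause between reconnect attempts when the client loses its connection. The Python below is an added example, not code from this sandbox report or from the Quasar project: it derives indicators from those fields and runs them over a handful of constructed Sysmon-style events. The event dicts, process IDs and file paths are made up for the demo, and the event schema (`EventType`, `TargetObject`, `TargetFilename`, `DestinationHostname`, ...) is an assumed simplification rather than Sysmon's exact field layout.

```python
import re
from collections import defaultdict

# Fields copied from the "Malware Config" section of this report.
CONFIG = {
    "c2": "wefdwef-34180.portmap.host:34180",
    "install_name": "Bootstrapper.exe",
    "subdirectory": "system32",
    "startup_key": "Spotify",
    "reconnect_delay_ms": 3000,
}


def build_indicators(cfg):
    """Derive matchable indicators from a Quasar config dict."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        # Quasar writes its copy to <install root>\<subdirectory>\<install_name>.
        # The root (AppData, Program Files, ...) is not in the extracted config,
        # so only the trailing path is matched.
        "install_suffix": f"\\{cfg['subdirectory']}\\{cfg['install_name']}".lower(),
        # Run-key persistence uses startup_key as the value name.
        "run_value": re.compile(
            r"\\CurrentVersion\\Run\\" + re.escape(cfg["startup_key"]) + r"$", re.I),
        "reconnect_s": cfg["reconnect_delay_ms"] / 1000.0,
    }


def scan(events, ind, tolerance_s=0.5):
    """Return a list of (hit_type, detail) tuples for Sysmon-style event dicts."""
    hits = []
    c2_times = defaultdict(list)  # pid -> timestamps of connects to the C2
    for ev in events:
        kind = ev["EventType"]
        if kind == "RegistryValueSet":
            if ind["run_value"].search(ev["TargetObject"]):
                hits.append(("run_key_persistence", ev["TargetObject"]))
        elif kind == "FileCreate":
            if ev["TargetFilename"].lower().endswith(ind["install_suffix"]):
                hits.append(("dropped_install_binary", ev["TargetFilename"]))
        elif kind == "NetworkConnect":
            if (ev.get("DestinationHostname", "").lower() == ind["c2_host"]
                    and ev["DestinationPort"] == ind["c2_port"]):
                hits.append(("c2_connect",
                             f"{ev['Image']} -> {ev['DestinationHostname']}:{ev['DestinationPort']}"))
                c2_times[ev["ProcessId"]].append(ev["Time"])
    # Second, behavioural signal: a client that cannot hold its session retries
    # every reconnect_delay ms, so connects spaced ~3 s apart from one process
    # stand out even if the hostname changes.
    for pid, ts in c2_times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if sum(abs(g - ind["reconnect_s"]) <= tolerance_s for g in gaps) >= 2:
            hits.append(("reconnect_cadence", f"pid {pid}: {len(ts)} attempts"))
    return hits


# CONSTRUCTED sample telemetry for the demo (not taken from the sandbox run).
_INSTALLED = "C:\\Users\\user\\AppData\\Roaming\\system32\\Bootstrapper.exe"
_RUN = "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
SAMPLE_EVENTS = [
    {"EventType": "FileCreate", "Time": 100.0, "ProcessId": 4120,
     "Image": "C:\\Users\\user\\Downloads\\BPLogger.exe", "TargetFilename": _INSTALLED},
    {"EventType": "RegistryValueSet", "Time": 100.5, "ProcessId": 4120,
     "Image": "C:\\Users\\user\\Downloads\\BPLogger.exe", "TargetObject": _RUN + "Spotify"},
    {"EventType": "RegistryValueSet", "Time": 101.0, "ProcessId": 880,   # benign
     "Image": "C:\\Windows\\explorer.exe", "TargetObject": _RUN + "OneDrive"},
    {"EventType": "NetworkConnect", "Time": 102.0, "ProcessId": 4480, "Image": _INSTALLED,
     "DestinationHostname": "wefdwef-34180.portmap.host", "DestinationPort": 34180},
    {"EventType": "NetworkConnect", "Time": 105.1, "ProcessId": 4480, "Image": _INSTALLED,
     "DestinationHostname": "wefdwef-34180.portmap.host", "DestinationPort": 34180},
    {"EventType": "NetworkConnect", "Time": 108.0, "ProcessId": 4480, "Image": _INSTALLED,
     "DestinationHostname": "wefdwef-34180.portmap.host", "DestinationPort": 34180},
    {"EventType": "NetworkConnect", "Time": 110.0, "ProcessId": 2200,   # benign
     "Image": "C:\\Program Files\\Spotify\\Spotify.exe",
     "DestinationHostname": "api.spotify.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS, build_indicators(CONFIG)):
        print(*hit)
```

The benign `OneDrive` Run value and the real Spotify client are included deliberately: the `startup_key` of this sample mimics a legitimate product name, so matching must be on the exact value name under `Run`, not on the string "Spotify" anywhere. The cadence check is intentionally loose (two gaps within half a second of `reconnect_delay`); tighten the tolerance or require more gaps on a noisy network.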

Targets

    • Target

      BPLogger-main.zip

    • Size

      1.2MB

    • MD5

      4f70daa5c48d5a22396f065a816f9b41

    • SHA1

      da08c8711ef8aac407f460e1c8f3f24f53fc81c2

    • SHA256

      77153049f33480d1b665c68aa0732e531f963f9acb04b9e016baafeca3b54dd8

    • SHA512

      dc233af831e31e3e720edb1eeffe36ac2e887f1d048fb8c9a25b5a64c840b68babf8d19b85bcb704f278b7e4edd709d32a6df5d50ed546bafc757d50e07e9c42

    • SSDEEP

      24576:3kjLFxQGJiip1cakQYJu+W4JBuMADnTy4J7aEJk4YfXnDb0FbBpbKEXENPcfVc:UPrQGpEBdJdJBuMqnZJ7aEIfXnDbcbBy

    Score
    1/10
    • Target

      BPLogger-main/BPLogger.rar

    • Size

      1.2MB

    • MD5

      02f7e1af9b8e6814a2ef3ebdd35dd908

    • SHA1

      2b34deb211e851aad0e4978e6311b01a79a7a9be

    • SHA256

      03894b7e34b167b23dbde4b660087d3bc0aef490097c8fe8dda1e7e5903d70f8

    • SHA512

      a2ac2d110a36c99d790c4b54d7282e62e51a799a059716972022b5f59efb0f461f3c6e0ff5b8cc48a4ffc238577020248a22a35460f7218bbc046e431440b93c

    • SSDEEP

      24576:gkpv3JUiN1ruQuR2MzauUYTQniyqJ1AM5e4QXDDb0fblR/2OXEzPyfvc:NB37ZIWuUiQnAJ1AMiXDDb6blUQEzPyM

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Target

      BPLogger.exe

    • Size

      3.1MB

    • MD5

      14b871855a9046ef9aedeec80f9c2d86

    • SHA1

      32c0ad34f524748b76c090fc881b75b928341e7e

    • SHA256

      b14b916cd2f188ea09035489056e0bff9f8cb8e4a30eff50172f86319fabc940

    • SHA512

      7ada8280b9a5a4dcb427da5f7634335c191645614148ed550dbbbacfaed72e1e99202caedddc02f48dc73d96bf0ecd4d35c2ed2d6206e9b25efba4f29dcc8e96

    • SSDEEP

      49152:3v7lL26AaNeWgPhlmVqvMQ7XSKlfyCC4KgoGdulF8THHB72eh2NT:3vhL26AaNeWgPhlmVqkQ7XSKlfyg

    • Quasar RAT

      Quasar is an open-source Remote Access Tool (RAT).

    • Quasar family

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Target

      tapi.dll

    • Size

      18KB

    • MD5

      381575677c1c0c6184138307f1a4cdc3

    • SHA1

      9d89866116e01c0cb9a2e6f31e7d67036b1f1b43

    • SHA256

      8f4f52eae6195ba7f6ba87c6a1288d7d7c2f033bd44e1c0b84a5845ff0f29325

    • SHA512

      2067bdbffaddb244415a7a885e16332c193c6bd05483139720691bd5d5e011006cd6f099e6b8bfc67fd2c0d6921c1e3cf330a6ca7612ddb00f68ccb5bf8e8892

    • SSDEEP

      384:l7/+lxFEJI0FXhjuif72rKqASEuJDgSmq3N5cGljAzMXXwOZsG4cbLUGOP:l7oKJIy66RgEIWOmgUGq

    Score
    1/10
    • Target

      x64.dll

    • Size

      490KB

    • MD5

      35a353e99e306e9c0f46209a91d29518

    • SHA1

      f94a0ee734645eb655e886af7424a2642dbd7fe9

    • SHA256

      5c51c9116bcb31a5c59c55504947abeba1c4ad40e55a138a8fa27a2fc0a16fc2

    • SHA512

      6a1b0ff58f06a54d4d1582905f1335de01680b5a7bb5434f841cb42096f61de0efda371db3645375fb464e15f1894e66c39e187949b9ebaf5ce5310bdbf0105e

    • SSDEEP

      12288:kAJKUzgZn1UIuFkvBA/tZP1cQO6fH250z9eAJiGYaE:kAJKUYqmotF2N6fa0z9/Mj

    Score
    3/10
    • Target

      BPLogger-main/README.md

    • Size

      833B

    • MD5

      3b5e5e67f9bc945473630a9b2d7ac214

    • SHA1

      d287db38e281bf68110ab665b54949fe031ce2f0

    • SHA256

      0385a343adfe1facbce68d71ab59274e7dfcc8d69d180b1c3b64b10db29f1b4f

    • SHA512

      3ecab2afebfd497f85ca98220f4173fb85a3bd0c1bd0a4d3982438af071a952e557f70177b88038b792486db03814e4025ef83c24b45c416504d20666caf627b

    Score
    3/10
