General

  • Target

    Uni.bat

  • Size

    14.9MB

  • Sample

    250204-zhemeasrgj

  • MD5

    225b558de510373ee6c88501d29dcabe

  • SHA1

    719bf612b25cb1d524898affd5212d9cae30a3c7

  • SHA256

    93ad65205b2752f3cdcccb5531f2a5196f551e27b3eeb1b656e734eab44b3250

  • SHA512

    6fa3d6f259e9de8dae8536bbe7a47ab62b0642799c310eadc502b7b0dbd8ccfc9cb9dcf619b32aa97a93931a13d52d29a67829f51076da9d49741880050a2b48

  • SSDEEP

    49152:KncqI9jt+YbH6/BYYrunkbDwbSBU0b1W2R+SFLNXtpEmRwbj4VzjI78/CKFTp7J3:8

Malware Config

Extracted

Family

quasar

Attributes
  • reconnect_delay

    3000

Targets

    • Target

      Uni.bat


    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar family

    • Quasar payload

    • Seroxen family

    • Seroxen, Ser0xen

      Seroxen or SeroXen, also known as Ser0Xen, is a trojan first discovered in late 2022.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Impair Defenses: Safe Mode Boot

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks