Overview

overview

10

Static

static

3

FAKTURA DHL.exe

windows7-x64

3

FAKTURA DHL.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ca0e0ba5f02125e134445ef09d7d2f8a8bd61239886bcf4602aa94cf19e227c

  • Size

    3.6MB

  • Sample

    250205-bkpy6a1rfw

  • MD5

    50ac1c80c21b03120c2226afc9455da2

  • SHA1

    e0bf5f2d240916f37dea306759f312cda7048cb2

  • SHA256

    2ca0e0ba5f02125e134445ef09d7d2f8a8bd61239886bcf4602aa94cf19e227c

  • SHA512

    6b0b7a1b8d4417da15d6867e0be33d82f1d5ca86cd88dc9cdb1ee28d6bbf18ee2d51f6f24166f69d79538ac42c1fd140eac3a01cb62196c2fb03cf5a86656b46

  • SSDEEP

    98304:K5PDTHU3sKQRUAjee2Rm433tq4jiJtlVUrUMm4fJvtW9TF:KBDDwBQBjimDvv2egJC

Score
10/10
quasarsimdiscoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

SIM

C2

yuba.ydns.eu:6921

Mutex

c1407Qq42e-4199-420b-b7e3-f2181EdZ44b38970

Attributes
  • encryption_key

    9AE9A56EA56429B2803AB077CB5D2AE3FDEA1BD6

  • install_name

    Edge.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Microsoft Edge

  • subdirectory

    SubDir

Targets

    • Target

      FAKTURA DHL.exe

    • Size

      3.7MB

    • MD5

      7c5ba84841c124268a70f0a668d851cb

    • SHA1

      b427e9c43f0a1a361f7bf38d5ea829e09a986f54

    • SHA256

      6af042955207ac4aa13b739d44ab6292af8892ac013444326d15ead0fefdfabe

    • SHA512

      523a026f20a80a120e107fbe32bcf8f8434910f9d20ae12c0cf4469b5a61fe120553f952c1724451ec40d3d043a874b57612278d9ed5834f9e85b4aaf928e64a

    • SSDEEP

      98304:2XxBLBJqj8ysrESFeA4xEa375aqJeZhd9ijkMCIhNVT+lLb:2X7LjgFs5FUEfX3gqANG

    Score
    10/10
    discoveryquasarsimspywaretrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks