General

  • Target

    WVX0HPs9.bat

  • Size

    3KB

  • Sample

    250219-sjdm6stjbz

  • MD5

    6311ef928819a3db31bf7a4ab82659c9

  • SHA1

    22756e3473424eb89bd9192d521a988eb5b1a6ec

  • SHA256

    5ca9a2c19250bb7e24b1ce6de998386902f85e02d0dc777bc966f89f7b6c72df

  • SHA512

    e8622625710f856699b81652f124419c1281996bb9813bde102b2e776605000a989dcf591b47e4e9915e9b1333c95d6fdfa6357fa6d1d2f00dbc6e4d6c922683

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Mango

C2

127.0.0.1:55

Mutex

81144d00-03a7-411e-ad0a-85c775a5c9b6

Attributes
  • encryption_key

    5A734203EC0AA048E5F7AC95F09DDA0772C38162

  • install_name

    Mango.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Runtime Broker Startup

  • subdirectory

    SubDir
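Hunting for the host artifacts this configuration implies, as an added example that is not part of the sandbox report: the script below matches a dumped Run-key listing, a file listing and a mutex listing against the extracted config values (install name, subdirectory, log directory, startup key, mutex). It assumes Quasar's default install root of %AppData%\Roaming for both the binary and the keylogger output, since the report gives no install-path selector, and the host snapshot it checks is constructed. It also flags that the extracted C2 127.0.0.1:55 is a loopback address, so this sample yields no external network indicator to block.

```python
"""Added example (not from the report): match host artifacts against the
extracted Quasar 1.4.1 configuration."""
import ipaddress
from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
QUASAR_CONFIG = {
    "install_name": "Mango.exe",
    "subdirectory": "SubDir",
    "log_directory": "Logs",
    "startup_key": "Runtime Broker Startup",
    "mutex": "81144d00-03a7-411e-ad0a-85c775a5c9b6",
    "c2": "127.0.0.1:55",
}


@dataclass(frozen=True)
class Finding:
    source: str  # "registry", "filesystem" or "mutex"
    detail: str


def _norm(path: str) -> str:
    """Case-fold and strip quoting so Run-key data and paths compare cleanly."""
    return path.strip().strip('"').replace("/", "\\").lower()


def check_run_entries(run_entries: dict, cfg: dict) -> list:
    """run_entries: {key_path: {value_name: value_data}} dumped from the Run keys.
    Quasar registers its installed copy under startup_key (HKCU when it runs as
    a normal user, HKLM when elevated); also flag any value whose data points
    at <subdirectory>\\<install_name> under a different value name."""
    install_suffix = _norm(f"\\{cfg['subdirectory']}\\{cfg['install_name']}")
    findings = []
    for key, values in run_entries.items():
        for name, data in values.items():
            if name.lower() == cfg["startup_key"].lower():
                findings.append(Finding("registry", f"{key}\\{name} = {data}"))
            elif _norm(data).endswith(install_suffix):
                findings.append(Finding("registry", f"{key}\\{name} runs {data}"))
    return findings


def check_paths(paths: list, cfg: dict) -> list:
    """Flag the installed binary and keylogger output.
    ASSUMPTION: install root and log root are %AppData%\\Roaming (the report
    does not give Quasar's install-path selector), so the log directory is
    only matched there rather than flagging every folder named 'Logs'."""
    install_suffix = _norm(f"\\{cfg['subdirectory']}\\{cfg['install_name']}")
    log_marker = _norm(f"\\appdata\\roaming\\{cfg['log_directory']}\\")
    findings = []
    for p in paths:
        n = _norm(p)
        if n.endswith(install_suffix):
            findings.append(Finding("filesystem", f"installed copy: {p}"))
        elif log_marker in n:
            findings.append(Finding("filesystem", f"keylog output: {p}"))
    return findings


def check_mutexes(mutex_names: list, cfg: dict) -> list:
    """Quasar holds a named mutex for single-instance control; handle listings
    show it under \\BaseNamedObjects\\, so match on the trailing name."""
    wanted = cfg["mutex"].lower()
    return [Finding("mutex", m) for m in mutex_names if m.lower().endswith(wanted)]


def c2_is_loopback(cfg: dict) -> bool:
    """True when the configured C2 host is a loopback address, i.e. the sample
    produces no external network indicator worth blocking."""
    host, _, _port = cfg["c2"].rpartition(":")
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def hunt(run_entries: dict, paths: list, mutex_names: list,
         cfg: dict = QUASAR_CONFIG) -> list:
    """Run every check and return the combined findings."""
    return (check_run_entries(run_entries, cfg)
            + check_paths(paths, cfg)
            + check_mutexes(mutex_names, cfg))


# Constructed host snapshot (not from the report): one infected user profile
# plus benign entries that must not be flagged.
SAMPLE_RUN_ENTRIES = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
        "Runtime Broker Startup": r'"C:\Users\alice\AppData\Roaming\SubDir\Mango.exe"',
    },
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
}
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\SubDir\Mango.exe",
    r"C:\Users\alice\AppData\Roaming\Logs\2025-02-19",
    r"C:\Windows\System32\RuntimeBroker.exe",
    r"C:\Users\alice\Downloads\WVX0HPs9.bat",
]
SAMPLE_MUTEXES = [
    r"\Sessions\1\BaseNamedObjects\ZonesCounterMutex",
    r"\Sessions\1\BaseNamedObjects\81144d00-03a7-411e-ad0a-85c775a5c9b6",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_RUN_ENTRIES, SAMPLE_PATHS, SAMPLE_MUTEXES):
        print(f"[{f.source}] {f.detail}")
    print("C2 is loopback:", c2_is_loopback(QUASAR_CONFIG))
```

The startup key name "Runtime Broker Startup" is chosen to blend in with the legitimate RuntimeBroker.exe, so the registry check matches on the value name first and on the install path second; a Run value that was renamed but still points at SubDir\Mango.exe is caught by the second branch.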

Targets

    • Target

      WVX0HPs9.bat

    • Size

      3KB

    • MD5

      6311ef928819a3db31bf7a4ab82659c9

    • SHA1

      22756e3473424eb89bd9192d521a988eb5b1a6ec

    • SHA256

      5ca9a2c19250bb7e24b1ce6de998386902f85e02d0dc777bc966f89f7b6c72df

    • SHA512

      e8622625710f856699b81652f124419c1281996bb9813bde102b2e776605000a989dcf591b47e4e9915e9b1333c95d6fdfa6357fa6d1d2f00dbc6e4d6c922683

    • Quasar RAT

      Quasar is an open-source .NET remote access tool (RAT).

    • Quasar family

    • Quasar payload

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs a command through powershell.exe.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks