Overview

overview

10

Static

static

3

SecuriteIn...08.exe

windows10-2004-x64

10

SecuriteIn...08.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.SuspectCRC.22361.24708.exe

  • Size

    5.1MB

  • Sample

    250420-kh8sxssmy7

  • MD5

    792356f7c40d44cb6b1b377a7b02a008

  • SHA1

    5ef9b84d198977bca60da829601efc9a638686c9

  • SHA256

    0d83301aae4af98108f42ccbc7d9b4e3abcd65c91162fc0bfa8d4e3c86733560

  • SHA512

    f6f9d4c389bf1f91ad471085ef6ee90f989bfe0376d3591d0f4440ceb67c26a89f66865f6fa3fd05fbc4cf860fb7a98397242552374367e34ee9b87164f8970b

  • SSDEEP

    98304:FZKWn+ek5LTdM/9sIVbjATvMJDOf7EoAaQs2oY8SurJeM2zBrZiN:FZKW4lM/SIVeMJFWQsq8Rtelk

Score
10/10
quasardefense_evasiondiscoveryexecutionspywarethemidatrojan

Malware Config

Extracted

Family

quasar

C2

�lN�=�R�qv�M(�WYbkVL+��C��%�#�����1�qE��P����� ��

Attributes
  • encryption_key

    77B2BF56CB0DCA65A36017F742415FDAE927B839

  • reconnect_delay

    3000

Targets

    • Target

      SecuriteInfo.com.Trojan.SuspectCRC.22361.24708.exe

    • Size

      5.1MB

    • MD5

      792356f7c40d44cb6b1b377a7b02a008

    • SHA1

      5ef9b84d198977bca60da829601efc9a638686c9

    • SHA256

      0d83301aae4af98108f42ccbc7d9b4e3abcd65c91162fc0bfa8d4e3c86733560

    • SHA512

      f6f9d4c389bf1f91ad471085ef6ee90f989bfe0376d3591d0f4440ceb67c26a89f66865f6fa3fd05fbc4cf860fb7a98397242552374367e34ee9b87164f8970b

    • SSDEEP

      98304:FZKWn+ek5LTdM/9sIVbjATvMJDOf7EoAaQs2oY8SurJeM2zBrZiN:FZKW4lM/SIVeMJFWQsq8Rtelk

    Score
    10/10
    quasardefense_evasiondiscoveryexecutionspywarethemidatrojan

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

      trojanspywarequasar

    • Quasar family

      quasar

    • Quasar payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks