Quasar RAT's Dual DLL Sideloading Technique
Common Information
Type Value
UUID 769e9d97-d518-44ee-9af8-3d8b21fce7d1
Fingerprint ac14190be9be06ef
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 20, 2023, 2:52 p.m.
Added to db Nov. 6, 2023, 7:47 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Double Trouble: Quasar RAT's Dual DLL Sideloading in Focus
Title Quasar RAT's Dual DLL Sideloading Technique
Detected Hints/Tags/Attributes 57/1/21
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 389 Uptycs Blog https://www.uptycs.com/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 3 ec2-3-94-91-208.compute-1.amazonaws.com
Details File 63 ctfmon.exe
Details File 312 calc.exe
Details File 5 ebill-997358806.exe
Details File 4 monitor.ini
Details File 7 msctfmonitor.dll
Details File 4 filedownloader.exe
Details File 103 regasm.exe
Details File 9 secure32.dll
Details File 1 winsecu32.dll
Details File 1 c:\users\public\pictures\calc.exe
Details IPv4 3 3.94.91.208
Details Windows Registry Key 1 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsCalculator