Behavioral task
behavioral1
Sample
a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa.exe
Resource
win7-en-20211208
General
Target: a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
Size: 348KB
MD5: 976abfeee6afe436cb09e480baa0f072
SHA1: 460f1b15acf310a4a648b26c80efd21ebe94cac0
SHA256: a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
SHA512: 8c81efc4e102f9a66eb1626a126b59f21d37b277183c2364386988fc53e6fd07f08a2d730c9f45aa43619ec551dcf53b663bfe470998ac187df422feb0d274c1
SSDEEP: 6144:diwb/c2L0trOsRdSt2sbBmtIUEkctjU2jxB1:oH2LKRdxntIUzchU2jxB1
Malware Config
Extracted
quasar
1.3.0.0
Ps
45.74.53.124:4782
s5v8y/B?E(H+MbQeThWmZq3t6w9z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgV
encryption_key: sEybIz3EK3xXIpG2z1h2
install_name: Client.exe
log_directory: Logs
reconnect_delay: 0
startup_key: Quasar Client Startup
subdirectory: SubDir
Signatures
-
Quasar Payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Quasar family
Files
-
a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ