quasar | a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa | Triage

Sharing

General

Target

a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
Size

348KB
MD5

976abfeee6afe436cb09e480baa0f072
SHA1

460f1b15acf310a4a648b26c80efd21ebe94cac0
SHA256

a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
SHA512

8c81efc4e102f9a66eb1626a126b59f21d37b277183c2364386988fc53e6fd07f08a2d730c9f45aa43619ec551dcf53b663bfe470998ac187df422feb0d274c1
SSDEEP

6144:diwb/c2L0trOsRdSt2sbBmtIUEkctjU2jxB1:oH2LKRdxntIUzchU2jxB1

Score

10^/10

ps quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Ps

C2

45.74.53.124:4782

Mutex

s5v8y/B?E(H+MbQeThWmZq3t6w9z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgV

Attributes

encryption_key
sEybIz3EK3xXIpG2z1h2
install_name
Client.exe
log_directory
Logs
reconnect_delay
0
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar Payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Quasar family
quasar

Files

a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ