quasar | tmp | Triage

Sharing

General

Target

tmp
Size

505KB
MD5

56fdac38d6004e0bc5fb2d5c961322e2
SHA1

470111decd8883231c720a05eab77032e8b77250
SHA256

cd2a19b6db25d50aa3413300fe5d1183a082a388e9b12d47fbb6ef765e1c819a
SHA512

3c9f4534c275f09935dc38853e9733145ade98ef53cb4d6f7cd4d530d938c4e00117f995778d343285e3e2829fbceab3681e43772cff91fba7d41ba81c3a60dc

Score

10^/10

new1 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

new1

C2

bigrussianfloppa.duckdns.org:1004

Mutex

a8db07ed-e16a-4405-a04c-3980d567bfdb

Attributes

encryption_key
49FAF85C97BB43AF1E641011D48AB0EBC58C478E
install_name
java.exe
log_directory
logz
reconnect_delay
300
startup_key
Java
subdirectory
JavaTools

Signatures

Quasar Payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Quasar family
quasar

Files

tmp
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ