quasar | 30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668

General

Target

30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
Size

502KB
MD5

e2a90c3e125ae445d0763f4caa47381b
SHA1

e53c0be113b08a33afadad940ed31f9843bfa5b7
SHA256

30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
SHA512

af9c0026f44bdfe8c4f4ed37dfbe5fdfe4fb66652b79459539e7459f822b256dd1c50bee317ea7b37ad583e91cc9603bb9916b2ffa2ce8b941d53ac959ed6c95
SSDEEP

6144:LTEgdc0YOXdSdcZER4sOWHCFvrs6jFNvkvcEjOb8F9tauYR4ZcTR3Q:LTEgdfY/dcKUKzpHauYR4ZcdQ

Score

10^/10

1 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

1

C2

dlldns.duckdns.org:20000

whoru222.xyz:20000

whereami3.xyz:20000

letmerat.xyz:20000

selfdestructdns.xyz:20000

wtfimrich666.xyz:20000

p2x4y.xyz:21000

howmanytimes3.xyz:21000

ceeloblack.xyz:21000

thanksfam.xyz:21000

Mutex

2e3c0776-66f3-4050-b059-b831e335e235

Attributes

encryption_key
67DFA5AFA3111DA4B8B545C503A131C3C3D1E34C
install_name
WinUpdater.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WinUpdater
subdirectory
WinUpdater

Signatures

Quasar Payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Quasar family
quasar

resource	yara_rule
sample	family_quasar

Files

30d1d838112df9d0a9b75c96906dc14e1a36bd279802e10bcbc41b674ab6c668
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 498KB - Virtual size: 498KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 498KB - Virtual size: 498KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B