Behavioral task
behavioral1
Sample
0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f.exe
Resource
win7-20220414-en
General
-
Target
0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f
-
Size
348KB
-
MD5
be1958cb2bbcde1fa0ebbdc73a579fff
-
SHA1
d91235298ccc73a1712407db6ff7b83225e66c82
-
SHA256
0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f
-
SHA512
e70318ed7a80d6f16053a6a0376741774f49889b6cc189ff128f1fa3169c0724d84c649b25086b2420ce4c2222640b9da7974af20074f50054e382bbf639734f
-
SSDEEP
6144:TLNHXf500MG5pYK+lrRgE4pyfIbJy0tgKbl4+YWkvEU+:Pd50QpYnne5XblF3kT+
Malware Config
Extracted
quasar
1.3.0.0
INFECTED
mpapwpodllalw:4787
QSR_MUTEX_ZHiYRTyEwnDVythpPG
-
encryption_key
JJ24c9vhc2iN2AuqTdrZ
-
install_name
lclsrv.exe
-
log_directory
Logs
-
reconnect_delay
1000
-
startup_key
Microsoft SMB Filter 2.0
-
subdirectory
Windows
Signatures
-
Quasar Payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Quasar family
Files
-
0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ