quasar | 0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f | Triage

Sharing

General

Target

0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f
Size

348KB
MD5

be1958cb2bbcde1fa0ebbdc73a579fff
SHA1

d91235298ccc73a1712407db6ff7b83225e66c82
SHA256

0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f
SHA512

e70318ed7a80d6f16053a6a0376741774f49889b6cc189ff128f1fa3169c0724d84c649b25086b2420ce4c2222640b9da7974af20074f50054e382bbf639734f
SSDEEP

6144:TLNHXf500MG5pYK+lrRgE4pyfIbJy0tgKbl4+YWkvEU+:Pd50QpYnne5XblF3kT+

Score

10^/10

infected quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

INFECTED

C2

mpapwpodllalw:4787

Mutex

QSR_MUTEX_ZHiYRTyEwnDVythpPG

Attributes

encryption_key
JJ24c9vhc2iN2AuqTdrZ
install_name
lclsrv.exe
log_directory
Logs
reconnect_delay
1000
startup_key
Microsoft SMB Filter 2.0
subdirectory
Windows

Signatures

Quasar Payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Quasar family
quasar

Files

0a37eef9a7a23635bf0bd60529521d44e60fa454a329a81466a657edb442a08f
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ