quasar | 5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2 | Triage

Sharing

General

Target

5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2
Size

349KB
MD5

94cb4509fbc7d4a000a35094532b2dc6
SHA1

e3a609c58c08a2d34f6f384b40dcf5df0c361c39
SHA256

5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2
SHA512

7666036e3fbf7ad872f4bb9d5bc4761e4a4d4ce8cf6bd286b19da9a4496b970403852e6bf79ac26d1763c3206aeeecd491724d725fa342ede0e079149d329bc3
SSDEEP

6144:VKMJx4pweP7kJS3iR2/5Tb5HAmVDD6Zzp1m+bvK6SkclOYc9S:VKoS/5VAmH6ZzHm8sfJc9S

Score

10^/10

matei quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Matei

C2

getrektscrub.hopto.org:4782

Mutex

QSR_MUTEX_KkiFVxzP7AThmUYEE7

Attributes

encryption_key
g4oiMoBrx37SHLCg4wcA
install_name
svchost.exe
log_directory
Logs
reconnect_delay
3000
startup_key
svchost
subdirectory
SubDir

Signatures

Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar

Files

5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ