Behavioral task: behavioral1
Sample: 5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2.exe
Resource: win7-20220718-en
General
Target: 5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2
Size: 349KB
MD5: 94cb4509fbc7d4a000a35094532b2dc6
SHA1: e3a609c58c08a2d34f6f384b40dcf5df0c361c39
SHA256: 5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2
SHA512: 7666036e3fbf7ad872f4bb9d5bc4761e4a4d4ce8cf6bd286b19da9a4496b970403852e6bf79ac26d1763c3206aeeecd491724d725fa342ede0e079149d329bc3
SSDEEP: 6144:VKMJx4pweP7kJS3iR2/5Tb5HAmVDD6Zzp1m+bvK6SkclOYc9S:VKoS/5VAmH6ZzHm8sfJc9S
Malware Config (extracted)
Family: quasar
Version: 1.3.0.0
ID: Matei
C2: getrektscrub.hopto.org:4782
Mutex: QSR_MUTEX_KkiFVxzP7AThmUYEE7
encryption_key: g4oiMoBrx37SHLCg4wcA
install_name: svchost.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: svchost
subdirectory: SubDir
Signatures
Quasar family
Quasar payload (1 IoC): resource "sample" matched YARA rule family_quasar
Files
5660953fe603b60d33cde0535a62dd597da2ed3fd1c07a9b08c7263e28c615d2.exe (windows x86)
f34d5f2d4577ed6d9ceec516c1f5a744

Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

Imports
mscoree: _CorExeMain (sole import; typical of a .NET assembly)

Sections
.text  Size: 346KB  Virtual size: 345KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  Size: 2KB  Virtual size: 2KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 512B  Virtual size: 12B  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ