quasar | 74494d60aaa78a3af5ed734f5d981cdf32573eefe4a17be66013af895e2987b4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74494d60aaa78a3af5ed734f5d981cdf32573eefe4a17be66013af895e2987b4.exe
Size

403KB
MD5

801dfa0bfb890082c7e7f0394051f9eb
SHA1

dc9b056cd1367f84b2d4bc03c90bcca6cd3eea8a
SHA256

74494d60aaa78a3af5ed734f5d981cdf32573eefe4a17be66013af895e2987b4
SHA512

eb192ce8047787a4fc7e9628aca860ce8802e512ef28c4bafa667a7901c40a94259b1f58f085f035971ca59a710c80f4b7e7fcadd13020dcac8170625930b645
SSDEEP

6144:jKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkaH:WzCGL69zVGkllbka

Score

10^/10

2020 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

2020

C2

localpc.ddns.net:2875

Mutex

9eYfFGqpKrmsmWgGUu

Attributes

encryption_key
BzIpKazdKZENzsJa4Vf2
install_name
defender2020.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsDef2020
subdirectory
Defender2020

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

74494d60aaa78a3af5ed734f5d981cdf32573eefe4a17be66013af895e2987b4.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

mscoree

_CorExeMain

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ