quasar | 4d31802fd5fe940aaf851651c652fd48[.]exe | Triage

Sharing

General

Target

4d31802fd5fe940aaf851651c652fd48.exe
Size

502KB
MD5

4d31802fd5fe940aaf851651c652fd48
SHA1

b85d44724be0cfd3cea1fb6c82ca6086974d0a39
SHA256

019d6e0ab473a9560330237317284e0abef50750e4cec7f31f291091346b32ef
SHA512

3dc3826d6856ba6e9491f45a26cc36e39863267d3cc8082bc974e3f6ea93d1a96a795446563a8e0c49a550ae5304854f5609dc6506f33b040214b1a1e62501a2
SSDEEP

12288:FTEgdfYqbgYug4S4qywzZpHdt2Hkz4cdG:mUwioSywzZp9MHNcdG

Score

10^/10

hplus quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

hplus

C2

103.136.199.131:4782

Mutex

d5cdf062-4717-4ab9-b33a-30b4304776db

Attributes

encryption_key
3E9E141AD83C5BD6CE91880C0E256E15401EC674
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Google Chrome Updater
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

4d31802fd5fe940aaf851651c652fd48.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ