quasar | 3e7a0b5e72ecec713863dec7be6c05f9ab7636a9eb6a3e4147ad1494cde42b34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e7a0b5e72ecec713863dec7be6c05f9ab7636a9eb6a3e4147ad1494cde42b34
Size

309KB
MD5

b3af05951e7eb7488723e4e04ebce87d
SHA1

72bc47cbd48de4e6a0428f3bbe65b5d783287731
SHA256

3e7a0b5e72ecec713863dec7be6c05f9ab7636a9eb6a3e4147ad1494cde42b34
SHA512

c2138f4dcfd269d01478becb1463f7f4ab9fb4bc11a7aecba9e3c062e740ac30dd9d65cbecabf2177b5867ace985b91e42216a8e1bb38cce3d7d0f51c0e2d659
SSDEEP

6144:Bshd7eDcqk0G1Ypil1TQxqhzu4nkhdVwbjJ1ybkYWZrrpTxNg:VDcT1tY4Idc1ybkXZhTxNg

Score

10^/10

svhost quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

svhost

C2

213.166.70.161:4382

Mutex

yPY6kNAgcPTU0BEbwL

Attributes

encryption_key
x6Rzd5QkYEdxkwcdu3nG
install_name
system32.exe
log_directory
Logs
reconnect_delay
3000
startup_key
system
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

3e7a0b5e72ecec713863dec7be6c05f9ab7636a9eb6a3e4147ad1494cde42b34
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ