quasar | Updater[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Updater.exe
Size

502KB
MD5

062aeb2f3789e7a6eeb71a44b63672e9
SHA1

62622e77e33747bb3edc1f29386866a13a7eac87
SHA256

6fe7b6e0da70beafea5a88ed71255653b766c97b4c5dbfe48fa5b03fb943a45f
SHA512

a417d573ede64c57223170b78fa55b8e7b38e8e6e439c98a03e85db30858ad3e08120a489ccd8c65c65e36fa6ddb041942f457485a06f5cd12108c908595850c
SSDEEP

6144:kTEgdc0YUXAGbgiIN2RSBxCnNFm+3WLy5Etql+yw4gUcEsOb8F9mTcHV1cTR3r:kTEgdfY+bgdONFKj44ywGcpQTcPcdr

Score

10^/10

control quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Control

C2

193.149.176.156:8080

Mutex

84609ecb-d94d-40c4-85ff-8b3191e9d5f0

Attributes

encryption_key
936C784DF6BFBCB86D89EDF1DA8425E6D70DCFBB
install_name
explorer.exe
log_directory
Logs
reconnect_delay
1000
startup_key
Windows Defender
subdirectory
D3SD

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

Updater.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ