Behavioral task: behavioral1
Sample: Win64Sys.exe
Resource: win7-20221111-en
General
Target: Win64Sys.exe
Size: 378KB
MD5: 361ee66ffa93eda7d78eb4a5d14bfd57
SHA1: e8157e8283a3f8eb7390d45b98ae4d32c53ce273
SHA256: 8f42439424657a1b5f08a2ec107041b5a7e01129dd40bb08fa04659b70d90567
SHA512: 19fd3a727bdd1222e8cb859fa09f89fcd075c761ffeaa0a5b69c20faa4782de26157e446f6d548da5c3b2bf203d9aace78d963b7566c3fbbbe9a3c5c26d9f0d6
SSDEEP: 6144:+KMJx4pweP7kJS3irzPchzCSfj654xCbjj0P4MkV45M9TP:+KoSckh9765EAj0NHM9TP
Malware Config
Extracted
quasar
1.3.0.0
Office04
stuhowe.ddns.net:4782
QSR_MUTEX_X4mfjPTkLaQEdjHzYF
encryption_key: 9FBvOmlVpI0GOzCn9KhI
install_name: Win64Sys.exe
log_directory: Keys
reconnect_delay: 3000
startup_key: Windows x64 System Client
subdirectory: Micosoft
Signatures
Quasar family
Quasar payload 1 IoCs
resource yara_rule sample family_quasar
Files
Win64Sys.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 346KB - Virtual size: 345KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ