quasar | Client-built[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Client-built.exe
Size

781KB
MD5

ee5738c73536810ad9119a91955eb1c4
SHA1

0a7d431c23f2a861b1c8eb0af21be0113aff623e
SHA256

b320512bf71bdbf3b184667d4bca977dd3a2d8544c13bd4e6e56ac1a8d27ea2a
SHA512

2d67e45ac9dcb92a089809b124024a025ec015d9549f79c0697b3c4b2886f200160372f654c857ea4ed67f6d5a8b5ef10d09d382f0e997b27f2cd712e31cbfcf
SSDEEP

6144:BTEgdc0YRebGbXOsA6j1Rdh5n7Vz51x3C/pC0DTj92rpYodFmcEgHtb8F9d35R15:BTEgdfYJA6hnZlYpbTqYlUSD8e7cd4

Score

10^/10

discord quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Discord

C2

68.89.69.83:4782

154.61.71.13:4782

Mutex

2ff52da4-c101-4f4d-a405-a86081df929c

Attributes

encryption_key
02CB049E42F8627E6B28B71F3A0B135F1BDA55C9
install_name
DiscordInstaller.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Discord
subdirectory
Discord

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

Client-built.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ