quasar | Discord[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Discord.exe
Size

781KB
MD5

9a1242d1d8fd1d9337b7a14e70de3da0
SHA1

a2defa03d8475c4495cb986b1976c85f74e4b28a
SHA256

3254ef9f0c99941350246a63bc24da2e27e39958c41e2c4b475c1c8024e72788
SHA512

ddcda65441dfec4a382733ec49681a28e74171f00dfe752063ee3776f7cef7fc65ba1a4cd9c8a4a23d6d9e6fd4f106815949a837a26c42b6bb47db73e345b16e
SSDEEP

6144:9TEgdc0Y6XAGbgiIN2RSBhBAcjpwBgmFPr2c+G8cEVOb8JfnkcFKcTR3k:9TEgdfYwbgdBZbF1RFKcdk

Score

10^/10

discord quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Discord

C2

68.89.69.83:4782

Mutex

2ff52da4-c101-4f4d-a405-a86081df929c

Attributes

encryption_key
02CB049E42F8627E6B28B71F3A0B135F1BDA55C9
install_name
DiscordInstaller.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Discord
subdirectory
Discord

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

Discord.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ