General
-
Target
1fc3469378a92b852065e463b99e5b0cab8d8ba9d2fde12c05baa1454673b616
-
Size
348KB
-
MD5
99a2e914bbf4c8410c8c57bf24901919
-
SHA1
8af5cc6ebba0bd365fa8accd92610c71380d93f7
-
SHA256
1fc3469378a92b852065e463b99e5b0cab8d8ba9d2fde12c05baa1454673b616
-
SHA512
f3b667faecf82c2b0528be0febcb9d2c21f54725fc2b9be03616c8398d849664571f04dda5364af6dc63d3351f51f5906f9f31fcec8e4b99ea18189d55d824cc
-
SSDEEP
6144:+uwb/c2L0tR/i/3d96vxbh+fy3+ExETXWg3WKwt4d:hH2L+ive3r+0EqgmK24d
Malware Config
Extracted
quasar
1.3.0.0
Office04
188.119.45.143:9896
microsoftstolewindows.duckdns.org:9896
192.168.1.52:9896
QSR_MUTEX_cXyKUgoh2Hpnny6zAV
-
encryption_key
GTemocnTKzZZHIqpqBGg
-
install_name
svchost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svchost
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar
Files
-
1fc3469378a92b852065e463b99e5b0cab8d8ba9d2fde12c05baa1454673b616.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ