Behavioral task
behavioral1
Sample
4772-415-0x0000000000400000-0x000000000044E000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4772-415-0x0000000000400000-0x000000000044E000-memory.exe
Resource
win10v2004-20221111-en
General
-
Target
4772-415-0x0000000000400000-0x000000000044E000-memory.dmp
-
Size
312KB
-
MD5
d96c15384d2d2e56af6d76b9c7842cff
-
SHA1
74e243b9709bb0616908a5235546aa7b71a1951e
-
SHA256
f8852096f628a23d73938386837b0d9b8494442b98a64eb9d50b2b843909e25f
-
SHA512
88b7b914e50871a34ed3810b27941ec005337bc6806fc03e93c3395e89aa3e91d4a98aed20c8dbb1e41c06075f261c21be20b6bdf62c921dcc74d3bf54b2146d
-
SSDEEP
6144:dKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkOp/C:kzCGL69zVGkllbkO0
Malware Config
Extracted
quasar
1.4.0.0
Office04
51.89.157.248:4782
MvfU8Y7jQptTEqcSWG
-
encryption_key
gfcyUhYEMEq5BWNn8aVX
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar
Files
-
4772-415-0x0000000000400000-0x000000000044E000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ