quasar | 7f320f3c89aa96786c66aacd6888e0fb[.]bin | Triage

Sharing

General

Target

7f320f3c89aa96786c66aacd6888e0fb.bin
Size

229KB
MD5

baa938fcfce1fc6060ab1c01a1732683
SHA1

c3e9ed8c54c8d1ca26fcb978493fc35c68d7a7b9
SHA256

70de0a15ae169734e521058c2ae6e4eb5aec5d64022dda96aababb95140afea8
SHA512

46438e3610307c53c8df0fd2c4b8c6ef2dd7b860942e892dba39c8e6fcb4f8308fd2a950d4e9f05be8256e7a6e263be72b6efe0aca4e24b6b85c0df5a4cd5e8c
SSDEEP

6144:he9ieo/NkZNXkkSc9T0hWP3cmAX7SOmHPd7J/o:wi3lkLvl9TN3cmImpJ/o

Score

10^/10

qvoidstealer quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

QvoidStealer

C2

some-cheapest.at.ply.gg:23531

Mutex

54df9136-b3de-4bad-bd8b-47e6b784f9c5

Attributes

encryption_key
2983A46EA8B59C637EB255AF1B3AE8D46E3FBFCC
install_name
LanguageHandler.exe
log_directory
Logs
reconnect_delay
3000
startup_key
discord.exe
subdirectory
WINDOWS

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/90209a92106ca054be770dd31f2ba9539aa9ccb3580351cbc8b3041f31f66381.exe	family_quasar

Files

7f320f3c89aa96786c66aacd6888e0fb.bin
.zip

Password: infected
90209a92106ca054be770dd31f2ba9539aa9ccb3580351cbc8b3041f31f66381.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ