quasar | Venom22[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Venom22.exe
Size

1.0MB
MD5

c9ac2e68c83afcd5a69ded7ba0fbc8e2
SHA1

ca2efe9efd74b617dc9afc1876cf46663e199cd9
SHA256

778c851c0677e6b9da60460d14d71255c38c8f46af040dba86f88703e57d2d1e
SHA512

18821a9010b5ad065cc87f9be33bea4d6a001059a2218a84cb772a8e0d4ebabfce02e70a819079d36e0ea8676b55836fc9e9b6dd2ab09f159915e82095c96e46
SSDEEP

24576:J/ynkc1ZzBvtrZHFjMKY2X93+I38el875BmCV:dynkc1ZzBvtrZHFjMKY2NH8el+Bm

Score

10^/10

venom client quasar

Malware Config

Extracted

Family

quasar

Version

2.7.0.0

Botnet

Venom Client

C2

ratvenom.ddns.net:4782

Mutex

Ogal9dzv5tmE4alv7H

Attributes

encryption_key
dLeS6E0j9gZ77HJ0HBva
install_name
Venom.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Venom Client Startup

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

Venom22.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ