quasar | aa14bc7fe4a9e56d75945dee38c3cf77[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa14bc7fe4a9e56d75945dee38c3cf77.exe
Size

502KB
MD5

aa14bc7fe4a9e56d75945dee38c3cf77
SHA1

e86fee3cf8dec6a93ce0683f62f2601f23ce2ce6
SHA256

427decd0986270b1f3459b61c38d3abcbd68d3a1fb08ea39a9b681bb26ec1449
SHA512

327247f90d67d6b29acff6849cd825645fe85bfb4ee0ee875d0168271363e0c88c73c5826995f7051a1d1da2e74afeef19956133d5bcab4b3f641751ae9668e2
SSDEEP

6144:dTEgdc0YpXAGbgiIN2RSBTFwfEJGpRgbujeq5clcEqOb8F5egAM0+cTR3+:dTEgdfYlbgUR1u6pJAz+cd+

Score

10^/10

office04 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office04

C2

20.223.155.39:8808

127.0. 0.1:8808

Mutex

f0e07e87-d114-425a-9e4e-8911f3f02e74

Attributes

encryption_key
93E24ACE7FFA02F1927A56C62CFEFABC58E6463E
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

aa14bc7fe4a9e56d75945dee38c3cf77.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ