quasar | Heart Sender V5[.]0[.]exe | Triage

Sharing

General

Target

Heart Sender V5.0.exe
Size

439KB
MD5

8f808bb54b422500304dfc68b87198fc
SHA1

24ebeb615f0bdcaa3980722100d6fc42111b62ec
SHA256

680caf0e30b204544971d053b635ed0e3f1dee3332d9eab8a08b3f04cd7ecd75
SHA512

46ce4cde81607819e360b0efc424c4b5602c7515661a88e6a0d66cd9e88dcc68219f0a85200e6c40cc34bcac0e5ab652e6db4b4b1c1b913ad351061dae880e99
SSDEEP

6144:vwLRSjIXAnZQel5w7T4P5Kq+SMv0VGb7bDcllbkuVB8:v/4AZrg7g9zVGkllbko

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Signatures

Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar

Files

Heart Sender V5.0.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ