quasar | fps booster-v2[.]exe | Triage

Sharing

General

Target

fps booster-v2.exe
Size

502KB
MD5

96c6423e1eccf8b6232501d1987ef52a
SHA1

2032b7ec389f528b02825ebfba65efdf93fe3710
SHA256

946b95baf9dceca8cd49595cb96eb9f64ba6dad28ee305a903df396fb6e16d0e
SHA512

ce9b3832bf4a0071302e11570628d83063d028c543da1ea4bf4315bde605240005346b6ca8cd9c17d1e5e3be3264e5c6515a22839efadf2468383b4de8fc2507
SSDEEP

6144:1TEgdc0Y5XAGbgiIN2RSB4n6fm/XZOo5Etqz6+yw4HUcEHOb8F9W8tIhg5FcTR3W:1TEgdfYVbgk6f3h43ywz3pftF5FcdW

Score

10^/10

måns quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

måns

C2

considered-stars.at.ply.gg:11659

Mutex

9f60b006-1076-4e00-a1d2-b03357917059

Attributes

encryption_key
C0A8FC2735ADC4A843E72CDB8521BBF477D0567F
install_name
system32.exe
log_directory
Logs
reconnect_delay
3000
startup_key
system
subdirectory
subdir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

fps booster-v2.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ