Behavioral task
behavioral1
Sample
1264-58-0x0000000000400000-0x0000000000484000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1264-58-0x0000000000400000-0x0000000000484000-memory.exe
Resource
win10v2004-20230220-en
General
-
Target
1264-58-0x0000000000400000-0x0000000000484000-memory.dmp
-
Size
528KB
-
MD5
c3f96732b38cc7743551b2a48d6e0905
-
SHA1
df613e8141bc4a8ea1787cbc304546012831137f
-
SHA256
6a451e666a6954fe837bacd4d1e66cd45bf4c60a0ac61fa1a8e358c4f64d4edb
-
SHA512
1a5f1e6aff1ff02c0ddd631aa6cd014cabad6604bd6c7872c7ca3940e93b580ca5f8e9a6658702a116dbd9ab83dd620f1122fce6a3cc489933e3df435097071a
-
SSDEEP
12288:/TEgdfYJA6hqH3qVXNTqJO1TGO5ogzYLecd:oUwLq+68TGOegGecd
Malware Config
Extracted
quasar
1.4.0
Fast
atomic.opdailyallowance.top:6980
8794060f-ab80-483d-99e5-cd9b7c5047b7
-
encryption_key
77D64A9E7D6F983A450481EF78D99F3A6B8A5925
-
install_name
svc_host.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
SvcHostFramework
-
subdirectory
ChromeUpdate
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar
Files
-
1264-58-0x0000000000400000-0x0000000000484000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 498KB - Virtual size: 498KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ