quasar | Client-built[.]exe | Triage

Sharing

General

Target

Client-built.exe
Size

502KB
MD5

96c4d857641c4f6a7ccf574d5af68590
SHA1

bf7091779ca64a7bbf9a37ec44b04ca763699d68
SHA256

4232f57f7d45a1517dfcc3a5897698b04ec6473d2ee77c58e5667f5855a41eab
SHA512

efdf431747cf81461914800b5623812907121c1a414aa37130700e0e03efc772dacd481b89f42497f80fc8c006a6fdacc05f362970d826ce39ddb18f6d18c7d9
SSDEEP

6144:gTEgdc0YhebGbXOsA6j1Rdhqn+Zm3DqDT5Etq0+yw48UcEbOb8F97RcdlbphCcTI:gTEgdfY5A6O+Zhi4hywiLp1RYvhCcde

Score

10^/10

discordman quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

DISCORDMAN

C2

blinken-47096.portmap.host:47096

Mutex

6c28362a-36c2-4dfd-8016-e5985e80ff37

Attributes

encryption_key
5D3E578C8C9DA15719B62CD7EA40C56E3B1C1440
install_name
ChromeUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Spotify
subdirectory
Chrome

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

Client-built.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ