quasar | Quantum Realm[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Quantum Realm.exe
Size

3.2MB
MD5

a0ea62228a00a903b0e2edd2a1077f76
SHA1

cbababe0111ee963a3cdf70ff1d6398a853f467f
SHA256

3a62c18261a8f899c82eaed7aeb78c2d284788e55dd6c37cad57701a44df9a86
SHA512

6153fd9ed36e6ff79e993659ee5071eba4dc7a66b7f78aae5eae85afac766c86f7faab0f8f6e7ba9b10d31096a415fc288792cd536944834eecf1a644cb8ac89
SSDEEP

49152:dvGhBYjCO4Dt2d5aKCuVPzlEmVQL0wvwkauwkr+Mf2QoGdw+THHB72eh2NTj:dvot2d5aKCuVPzlEmVQ0wvwfuwkrZ8

Score

10^/10

quantum realm quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Quantum Realm

C2

klept0wiz-33913.portmap.host:33913

Mutex

20eef7d0-10ab-4a86-9513-b9dde24d4001

Attributes

encryption_key
BF6CB0CE72C9593FB0C18AFEF02BEA29864C278D
install_name
UnityDebugBuild64.exe
log_directory
CrashLogs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
QuantumRealm

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

Quantum Realm.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ