quasar | bKJ7[.]exe | Triage

Sharing

General

Target

bKJ7.exe
Size

348KB
MD5

7f515d05fb17932adbbcbd0c2aba18f1
SHA1

9220c765e0dd0e7fa30af6823f3f382ef12a5dde
SHA256

39dd5339fa37de30a494a9995744facb01ed2ed446d8c2041d4817000ee8f357
SHA512

73e627f18d47eaa94151b40a4c3977985faef9196f78a070f22b1df61c5d849f549d81c1c57b48e17bb5b7544e650b21000aab307d8235f2f0486e2174a1d8f2
SSDEEP

6144:kg6bPXhLApfpvKhECGiwru41w8wbfb3EA+6sq5FLT4rN6:9mhApdKhEC8SOw8aQRCFLTo6

Score

10^/10

office04 quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

myhost88.ddns.net:4782

Mutex

QSR_MUTEX_kTcfswfSj43R2vlOKd

Attributes

encryption_key
QnUpxbEUVKL7JTeQ1Sc5
install_name
ms configs.exe
log_directory
Logs
reconnect_delay
3000
startup_key
ms configs
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

bKJ7.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ