quasar | 01b694e73ae67576d5960eef85a9ad2f[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01b694e73ae67576d5960eef85a9ad2f.exe
Size

3.1MB
MD5

01b694e73ae67576d5960eef85a9ad2f
SHA1

05c2b455aa833d30e72f344da84fb1f0cc180bcb
SHA256

4a23db5ce6616e586397a0ac25de51cc1450f4217009715f8ac809b20d377b39
SHA512

37581921d7f535dc10d8b671e28956e94b5f6c337219653ed33bbe7f67ef634d1a13f56a39286d12f029b97a28ccc857b3949f321ff5b34e340e7148e1c2834d
SSDEEP

49152:3vCG42pda6D+/PjlLOlg6yQipVrCj1JnooGdo8THHB72eh2NT:3vl42pda6D+/PjlLOlZyQipVrCk

Score

10^/10

alex quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Alex

C2

AlexDaProphet-48452.portmap.host:48452

AlexDaProphet-48452.portmap.host:5555

Mutex

4d204b29-dd2b-42fd-ac4a-dbd6aa2e5209

Attributes

encryption_key
6DA001BD6C6276995240688DD6532A416FADB825
install_name
winrom.exe
log_directory
Logs
reconnect_delay
3000
startup_key
winrom.exe
subdirectory
winrom

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

01b694e73ae67576d5960eef85a9ad2f.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ