quasar | x822a5Je2oKa[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x822a5Je2oKa.exe
Size

348KB
MD5

d76c13190558d20783fc1e7579122523
SHA1

7a5eb6db945166ce4352cd9c2088dba98ef7aad2
SHA256

f865eaf36d15356e81f043a8c94ea116aba70e9912f81679cc70a5b53bb595b0
SHA512

7aa1f6ebad29ae1e28c092251757cd3d179ec5663a8fa7b04ab956e85081309f70e7924b9b33df0eb85f91079596cb4684197c7b3c03a9e4079e3abea43995f6
SSDEEP

6144:v2NHXf500MKMTjnB7wbCoRbxLKFnjES9q:ud501nVsRVLUnj9q

Score

10^/10

acs hope quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

ACS hope

C2

crazydns.linkpc.net:26133

Mutex

QSR_MUTEX_6iGAmxpR39hpOQEFqk

Attributes

encryption_key
qiJ37BhO6EEtAoSo8ukb
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Files

x822a5Je2oKa.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ