General
-
Target
solaris-cracked.exe
-
Size
3.1MB
-
MD5
ac85eaa17d9c8e9c54f34bde2eb28d3a
-
SHA1
282725d2ccb8e000917ce5cb513e72c127416cd4
-
SHA256
48b9efb682d2cd81f83d183dfafc1af2c4688ee2b4e7c13bba02aa7d4415b3d7
-
SHA512
341f646378f9d8179907d5c5bfd391cb76bcc9f0de6bbda5c12978e9820bf74c924f9088b714fe0fd0d3a59709069825aa1b362a6bdf207cb5ad5f09dac8779f
-
SSDEEP
49152:yvbI22SsaNYfdPBldt698dBcjHsW+RJ6DbR3LoGdrTHHB72eh2NT:yvk22SsaNYfdPBldt6+dBcjHs3RJ61
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.4.63:4782
9673d61d-ce11-4a8b-bb07-673110a37bd4
-
encryption_key
E82C59158D805AC8DAE708B54BEAF999E98A2E56
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource solaris-cracked.exe
Files
-
solaris-cracked.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ