Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win7-20230831-en
General
Target: Client-built.exe
Size: 3.1MB
MD5: b29a2d70ef8fdca191e1ec922f1da2db
SHA1: c3e3e39f81debd63c75b51dfa465b751cac8e610
SHA256: 99c8f5476c5197182fca664a0321e42a05edb8c116ca8a1902c915ada089daf9
SHA512: 7857c728935486282d6fa47513c2a3bc008f7065302d3ff3938dcf4b00037c387982055e3d29a3b64d66107b0710167e0179182346cde8e2423506b35f8bea49
SSDEEP: 49152:XvxG42pda6D+/PjlLOlg6yQipVO1kxNESEDk/i9LoGdkTHHB72eh2NT:XvA42pda6D+/PjlLOlZyQipVskxm1
Malware Config
Extracted
quasar
1.4.1
Office04
mes:4782
90.255.152.189:4782
90.255.152.189:8080
2cc3d7d3-cfe8-4d6e-a382-f8b0aa2fb36d
encryption_key: FF346F4D8C2E655B32CE303AC58160A19281AFEA
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Windows Power Tools
subdirectory: SubDir
Signatures
Quasar family
Quasar payload (1 IoCs)
resource: sample, yara_rule: family_quasar
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: Client-built.exe
Files
Client-built.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ