quasar | 0f80a2828ab176a16ded0177fea53764[.]bin

General

Target

0f80a2828ab176a16ded0177fea53764.bin
Size

1.2MB
MD5

286c32fa06629bef995448dd5a2e193b
SHA1

297e11d3e1029ac8455968bf27b341f8446f0d22
SHA256

6d8b8c850c83048fa48471901669f4a239b33f642b4d7b9db158f28696ee0878
SHA512

0a8696eece51a0a9f222d93e0280917c2ba4b60359bd9049dd997c59bcdfc3641697d148f4f818876ac9b268791c1fa9f44ae68f6b3d90352737e6b25c02b027
SSDEEP

24576:12+9jHfoWYnJe+o2EU8HhNNk4DtRBtdV2nrMtBLTYcIyBrYS:12+97gjJeH2AHhtRBnArQBXYcIAsS

Score

10^/10

java quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Java

C2

VisoXD-63447.portmap.host:63447

Mutex

6907f902-de45-4188-8da5-3e22f2a6633e

Attributes

encryption_key
C1589EF424F77018CD488E8307C8C1DF199C8A42
install_name
Crash_Logs.exe
log_directory
Java Logs
reconnect_delay
3000
startup_key
Java Startup
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/c7550dc220b264239f7250607d6af8a0123107be4c377a3c94e5f8e63984b17d.exe	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c7550dc220b264239f7250607d6af8a0123107be4c377a3c94e5f8e63984b17d.exe

Files

0f80a2828ab176a16ded0177fea53764.bin
.zip

Password: infected
c7550dc220b264239f7250607d6af8a0123107be4c377a3c94e5f8e63984b17d.exe
.exe windows:4 windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 69KB - Virtual size: 68KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 512B - Virtual size: 12B