Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20231023-en
General
-
Target
Client-built.exe
-
Size
3.1MB
-
MD5
96ce3568a30aa5cff3bfab3584598c27
-
SHA1
cb991a58a0b051d58875c2f5c31bac72bafabd44
-
SHA256
c88083a474e5b7e6ce0fc6a69d40bb0e970d9a4c87f876f2d25dd96c5bc9e43a
-
SHA512
2952b9e3295959f85c185939033b9db8bf718f6b61e39a43fd4c73465668d7e8ac7d58d8203a8ad40cb8a3bc8be7768b9dde9f7e80cb8fe7fe46d2bb26662529
-
SSDEEP
49152:+vHY52fyaSZOrPWluWBuGG5g5h9SvMKhZvJECoGdcTHHB72eh2NT:+v452fyaSZOrPWluWBDG5g5hmhH
Malware Config
Extracted
quasar
1.4.1
Ratted
2111:4782
e10c6aee-d1da-439a-b42c-cdd801ad8571
-
encryption_key
3F5B4808528A107542B316F35627537887A253A5
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Loggerv2
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Client-built.exe
Files
-
Client-built.exe.exe windows:4 windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ