quasar | bc354d5e2299c68361b61912201ad7c7[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc354d5e2299c68361b61912201ad7c7.exe
Size

3.3MB
MD5

bc354d5e2299c68361b61912201ad7c7
SHA1

5cc43483e82a5c36e22e5503be7c4674a906a453
SHA256

c9c3806de68b4735df007d625d13cbb604068123fa193422ad5d9d70fe3201e3
SHA512

8a1e2b18b28193c9b79c0327035b64e86c6e457ba179bef898545334bfc6badb0b16684cfd51f0ba3ab9894fd9036022c55e0a2ce5271f94025aba5fa01338a2
SSDEEP

49152:fv2I22SsaNYfdPBldt698dBcjHbYGjBeMboadQXTHHB72eh2NT:fvb22SsaNYfdPBldt6+dBcjHkG1

Score

10^/10

dt quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

DT

C2

77.232.132.25:4999

Mutex

74f90cb1-2101-421a-86e3-347ca0c7fcd8

Attributes

encryption_key
790BD6D1C1540AE1BFB811F2DC1E0185525C5DCB
install_name
LestaClient.exe
log_directory
LestaLogs
reconnect_delay
3000
startup_key
Lesta Game Center
subdirectory
Lesta

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc354d5e2299c68361b61912201ad7c7.exe

Files

bc354d5e2299c68361b61912201ad7c7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ