quasar | Pac-kage[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Pac-kage.exe
Size

3.1MB
MD5

7fa99c325de5cd92280bc04e494b8a76
SHA1

538f84ee92b1d0b6d72349569d0d065750505418
SHA256

9f42f389358e93b6b144b7ad16f4154b1a038a5c7eeda9304d392d33b649ca0b
SHA512

a8204f75ad0eb1bf30ee8a0c086f7bfaa1220b05a2c1d4f0c027d03ead095926621c99135362905029d139e18f70ebd95c64fa37f0e79058d53f1628de01ebcf
SSDEEP

49152:XvmI22SsaNYfdPBldt698dBcjHfzmdITuyvJproGdV8THHB72eh2NT:Xvr22SsaNYfdPBldt6+dBcjHbvu+

Score

10^/10

pac_kage quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Pac_kage

C2

192.168.1.14:4782

Mutex

dc0b0eda-0b0a-4516-a0e5-9b7c3bf61e88

Attributes

encryption_key
D346F1DD2F9B28C0E4F41560CF2D0DD70C1CC7FB
install_name
Pac_kage.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Pac_Kage_Updater
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Pac-kage.exe

Files

Pac-kage.exe
.exe windows:4 windows x86 arch:x86

Password: Danger

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ