quasar | 0c4bb0c3f4b808f4706923019eaa46be | Triage

Sharing

General

Target

0c4bb0c3f4b808f4706923019eaa46be
Size

506KB
MD5

0c4bb0c3f4b808f4706923019eaa46be
SHA1

75ce40812a3ecb63899d8f6c8cbb310693b19fa4
SHA256

d99b51039634c4d1f0c7b74b71eddfd56a078b6e8ba3a6fa9a254b972df8706f
SHA512

d50c9f9fa404ee19b498e657dfd9c79bb95a505c879ea166d056f3df2b9d2b2268f558bd29ce3a54d33f852198cb319d68dc1eb73d39d7d226e346200fe1adb6
SSDEEP

12288:uTEgdfYKbge6tdV2f0DVC/rG2VpvEadw4SRcdx:LUwbKGVC/q2Vpvcbcdx

Score

10^/10

discord quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Discord

C2

10.0.0.196:4782

Mutex

a17c963d-9219-4baa-8150-21a123e267db

Attributes

encryption_key
CD3311A764D7EB9515FB64E08C58E089B1B5E60F
install_name
Client.exe
log_directory
windows
reconnect_delay
3000
startup_key
Host Process for Windows Tasks
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c4bb0c3f4b808f4706923019eaa46be

Files

0c4bb0c3f4b808f4706923019eaa46be
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ