quasar | mailpass_grabber_checker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mailpass_grabber_checker.exe
Size

3.1MB
MD5

8b8b8e63ee314ca7e7fb41b1505c8bb2
SHA1

01b3ae7b9f46b8dd21a98326b327417b0a2aed4a
SHA256

5f1dd77b816aebcbf1238bd4af19e7e5a88f946210998ad30a9cd829c7f9ae2c
SHA512

327ed2570e5bfab4ad6c1dd40df4d1e98d7afb5dda5acb0b101ec0e22d55d90dcb2cb0a1f73db96047bbc6b419de2b8350e91520395af34fe26f5e2f4596a698
SSDEEP

49152:SvTt62XlaSFNWPjljiFa2RoUYImkyj3wyck//4oGdMJTHHB72eh2NT:SvB62XlaSFNWPjljiFXRoUYINym

Score

10^/10

pc quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

PC

C2

85.215.149.159:5464

Mutex

ee30a48c-07fe-47de-a88d-5542a9407485

Attributes

encryption_key
15B77B25A069D605CCCD54B1C03E024CB16CA802
install_name
desktop.exe
log_directory
Logs
reconnect_delay
3000
startup_key
desktop
subdirectory
win_dir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mailpass_grabber_checker.exe

Files

mailpass_grabber_checker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ