quasar | test-cleaned[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test-cleaned.exe
Size

3.1MB
MD5

b2d51c2c0b1640a5145ef081cffc5eda
SHA1

011fd2166f81dfdc9621be5e103d5ee74b79f846
SHA256

22a2df179788cbf4c606994dc7b216e81dc03c915aae234c448fae60f64986fd
SHA512

8845af54747c3cf3512c894296f47ecb4995fd3fd825e184de9c69c5d2751d47b389eda69fb903dce8d5e512a578855078a90772e9234cd746d1ad6dee1c2e44
SSDEEP

49152:embICLhkbcvNqxztnp5uEvUmyD8NnzzmmfKK7aKaWH2Lk2Nu:embIkabgkptni2zzx

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
test-cleaned.exe

Files

test-cleaned.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ