Behavioral task: behavioral1
Sample: test.exe
Resource: win7-20240215-en
General
Target: test.exe
Size: 3.3MB
MD5: fbeec3a99ddfa31e7aac9b09f4ca8158
SHA1: 2b66e39b1e98320db37578a317021f870a39302b
SHA256: 6aada60dd11d7a1157b24ccffa3d6ef2b5200487779ea648c36a92ffdba93af8
SHA512: 62bc3ee9f312d341116c37c8c0e781896699aa598e7904c2eb6fe5374aa17eda77fa053346e9909bf5677b4ccd59e7ea8e6d4ac5c637f434532abd040f24f88d
SSDEEP: 49152:KvyI22SsaNYfdPBldt698dBcjHdffaBxtFoGdKTHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjHRfK
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.0.220:1234
1086eee1-251e-49e1-b643-b2a2bc0e42ea
encryption_key: A0937AB413B78114B0DA85D9EA95BA3AF9187438
install_name: Updater.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Application Frame Handler
subdirectory: Security
Signatures
Quasar family
Quasar payload 1 IoCs
resource yara_rule sample family_quasar
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource test.exe
Files
test.exe.exe windows:4 windows x86 arch:x86
Password: testvirus
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ