Behavioral task
behavioral1
Sample
bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64.exe
Resource
win7-20240221-en
General
Target
bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64
Size
3.5MB
MD5
577c088800f5e59079cc84751facf5ce
SHA1
796ca31670f9b70aa971c810fce8b98f078d3a73
SHA256
bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64
SHA512
51142ae105e85c7dcde4d9536593eae6380dbf880838a41efeacbef8b27487b515850c35ed6f1e3d7b2eee6505c9d0cf97ca0bb627e89eed5c595790e6d03454
SSDEEP
49152:cn1A79ccGPLR6+wlczUZpZ1+TzEsT1PW+/mcP4/x:cn279ccGPLR6+wlcoZpZ0p
Malware Config
Signatures
Detects executables containing base64 encoded User Agent 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_B64_Encoded_UserAgent -
Quasar family
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64
Files
bb004c673ce411201dd96cf3ca45337b2f423195bc464b923d92fa3694e0bc64.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ