Behavioral task
behavioral1
Sample
2512-2796-0x0000000000400000-0x000000000045E000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2512-2796-0x0000000000400000-0x000000000045E000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
2512-2796-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
MD5
466cc5d7ca69c4c86a2359537f8503f8
-
SHA1
21e28a6b59a78a27e6b7bf6037fcd5888103cc75
-
SHA256
31acdbdc3ea483bc0fed8d33a828b8f987e8514b7d147ad110a1b01487254cbb
-
SHA512
94ddb2209255636d6b587091023b657113adba86ba121d9163fd87c5846d95a77edc612839bc676312dbee4d67a88715c12b602d5ac3d4cdf1f7156862bbd1f0
-
SSDEEP
6144:/w6bPXhLApfpvIoNRzv0ybl+EHNCgmE9ynbH8y:omhApHNhMqxQgm2ynbH8y
Malware Config
Extracted
quasar
1.3.0.0
3rd JULY
19ap22.duckdns.org:5555
QSR_MUTEX_7BYyMaxeyNiBPsTahI
-
encryption_key
FKtxNVbGt2pxY6yyI19X
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
notes
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2512-2796-0x0000000000400000-0x000000000045E000-memory.dmp
Files
-
2512-2796-0x0000000000400000-0x000000000045E000-memory.dmp.exe windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ