quasar | Shadow[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Shadow.exe
Size

14.6MB
MD5

ebf0efb533fd4828bf2d054294cc918b
SHA1

78b21375d6271b95e44f4ec84673ab2f01d64745
SHA256

dff84195811b28b0b77a55e4bb93ed9da1802595ccae1d4bbdc4648a56c0d025
SHA512

4559c86a72902f2e64993c9e9b90e956f1516563897a891ad6b784d5436ed01d0b1096d0d5a2770ed16fff0f0bb290fbd73d9d2d8bda4ac2a0aeb90d5981d006
SSDEEP

393216:PxvvuMSQlNhJuTM7SA0QlNhJuTMGEOEkQlNhJuTMoNHvvvvvvvvvvvvvv4QlNhJP:PxvvuMNNhYTeLDNhYTANhYThNHvvvvvV

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Shadow.exe

Files

Shadow.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\pac2o\Downloads\Shadow_Rat_Source\Shadow Rat Source\Shadow-master\Shadow-Master\Quasar.Server\obj\Debug\net452\Shadow.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 14.4MB - Virtual size: 14.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ