Behavioral task
behavioral1
Sample
RyansProject.exe
Resource
win7-20240215-en
General
-
Target
RyansProject.rar
-
Size
1.0MB
-
MD5
44d6e8a53cff50cc3363e729ce3ecb04
-
SHA1
c9b66072ab2179194baee927b4ab04d43d64ddf5
-
SHA256
17f1c062b320bd3c8b938a07f9518affaf837fc253fe20c624187faa114938ae
-
SHA512
a93a888e5438c9a1d7453874da93d6aa860fd92be616d4a349870f025c3c79ab3ed24403f635d3e1496799930ac08c9c1f58cf0580720a70bbf43c2aaad11189
-
SSDEEP
24576:chwvvo1pFZy66oGQ87rPp0Zu/mZh0NYUhtSoMnPVPanJbnOgzBgLwKjV:cAQFo66TrhclvZUXS+5OgmwKp
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.1.226:4782
aec627fa-aba4-45fa-a0fc-e456110a730a
-
encryption_key
7D414F9EC5601C94A757DDCDCF7C7A7809D8CFD0
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/RyansProject.exe family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/RyansProject.exe
Files
-
RyansProject.rar.rar
-
RyansProject.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ