General
Target: quasar-client.exe
Size: 3.1MB
MD5: a277bfe8649a726c04e51f3cecba1150
SHA1: b8899339a372f9eb566b622ae7ea31e61d937be1
SHA256: 3f94db1997a60d4266e9d41fafdca52782b4ec6b2df3ec03f856beccd1a67e8e
SHA512: d33b7b23059b6b152cf9328898859bb25d1718e91d5e91f843c85b94ed97f4e5d4eff4763c5705324f2d848d522a237059d3a4d903ecc81805bfc691781262fc
SSDEEP: 49152:vvSz92YpaQI6oPZlhP3ReybewoZgxNESEHk/ibLoGdqTHHB72eh2NT:vvQ92YpaQI6oPZlhP3YybewoSxKn
Malware Config
Extracted
quasar
1.4.1
StarCommandClient
ddns.ilovemyauntie.com:4782
172.26.182.42:4782
192.168.50.58:4782
a8988113-ae09-400a-8285-0eb01972eddc
encryption_key: 53525C30BFB8A559EF1ABF980C8E02CBE6DE175D
install_name: Client.exe
log_directory: $77-Logs
reconnect_delay: 1000
startup_key: Quasar Client Startup
subdirectory: SubDir
Signatures
Quasar family
Quasar payload (1 IoC)
    resource: yara_rule sample family_quasar
Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    resource: quasar-client.exe
Files
quasar-client.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
    DLL Characteristics
        IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        IMAGE_DLLCHARACTERISTICS_NX_COMPAT
        IMAGE_DLLCHARACTERISTICS_NO_SEH
        IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics
        IMAGE_FILE_EXECUTABLE_IMAGE
        IMAGE_FILE_32BIT_MACHINE
Imports
    mscoree
        _CorExeMain
Sections
    .text  Size: 3.1MB - Virtual size: 3.1MB
        IMAGE_SCN_CNT_CODE
        IMAGE_SCN_MEM_EXECUTE
        IMAGE_SCN_MEM_READ
    .rsrc  Size: 3KB - Virtual size: 2KB
        IMAGE_SCN_CNT_INITIALIZED_DATA
        IMAGE_SCN_MEM_READ
    .reloc  Size: 512B - Virtual size: 12B
        IMAGE_SCN_CNT_INITIALIZED_DATA
        IMAGE_SCN_MEM_DISCARDABLE
        IMAGE_SCN_MEM_READ