quasar | 6ff6744642254db2e8edae81cb38e8cd7cd6d96b5eaced93f8164b259081e028

General

Target

6ff6744642254db2e8edae81cb38e8cd7cd6d96b5eaced93f8164b259081e028
Size

180KB
MD5

9bddac818b55e58e3a0078476833d927
SHA1

b6714a237485fdb31c257789173ca3932e72ceef
SHA256

6ff6744642254db2e8edae81cb38e8cd7cd6d96b5eaced93f8164b259081e028
SHA512

ec5789dbeb9297bef2fa62a78934ee997af2e66fd4a34e6d874a43e514281e72ddfe4deb4bd5534bcf5b98cf80e522f9345604de1633b8ab99f2277c7526eb7a
SSDEEP

3072:Ds+kh/1uKoBiFVhxYiURTKaNW+LuetjZsr+mK4JMog3pYz88qlPiOe35Gkdk:q9uTBizhxYjmEir+mK4J+pCJOIk

Score

10^/10

win32 quasar

Family

quasar

Version

1.3.0.0

Botnet

win32

C2

youtubevideos.duckdns.org:12

Mutex

QSR_MUTEX_jhzpDVzF2AMxWiXSTT

Attributes

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/b14b984222f92302952bff13eb2941b5494e4c0250b9fa5d3d4968157e70fe67.exe	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b14b984222f92302952bff13eb2941b5494e4c0250b9fa5d3d4968157e70fe67.exe

6ff6744642254db2e8edae81cb38e8cd7cd6d96b5eaced93f8164b259081e028
.zip

Password: infected
b14b984222f92302952bff13eb2941b5494e4c0250b9fa5d3d4968157e70fe67.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ