General
-
Target
Uni.exe
-
Size
409KB
-
MD5
4c2bb0618a6eda615c8001d5a7ccd6c0
-
SHA1
c88d2c8bfc5906a5cfef78893d1132edcffd71f0
-
SHA256
abcda524c02f9381d8d43f9ec0079d854db821d77f45e88f50606f46871f81d6
-
SHA512
6abe53339656a023e2a0547f1c2249789c33091d67a21f2e689c6411dc5357e34ec3c65634b6f6955a5023d20803f7c746b13f574bcd84b008abb4a97ea61027
-
SSDEEP
12288:rpg6M1i1v6q1ak/e7xlX7nnvGAwhJLJO:lxqiii6xlLvGjhO
Malware Config
Extracted
quasar
3.1.5
SeroXen
tue-jake.gl.at.ply.gg:29058
$Sxr-xPAuDxLNyBmZ7S2WLJ
-
encryption_key
Pw78RUs175dFrKD7lMwH
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
SeroXen
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource Uni.exe
Files
-
Uni.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 405KB - Virtual size: 405KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ