quasar | vir[.]exe

General

Target

vir.exe
Size

311.5MB
MD5

eb9490492b00c4f14cf133acf95edfe4
SHA1

1d903edafd1429d1554d5b4298496f96129e388b
SHA256

f0025dabe2f4c075dbe09bc534dbe94939d0ae6d45ee4450ec7943fa36fb09cc
SHA512

175f1da82762237282390a3dc1be3164c81b3416514b2bfd16eb1b51e50a9bbabce809baf5f68dad6720df73d5bbedc736999597063ebb9070396cb910d98b72
SSDEEP

6291456:Y2qVJw+odBeWFv1k4R4b0ewZkhT4ofHwJjvZDQPf2tLSkHldHVeVM:rr+WeSWgfecGT4RjvqP85TAK

Score

10^/10

Family

quasar

Attributes

Detect Umbral payload 1 IoCs

Processes:

resource yara_rule

sample family_umbral
Njrat family
njrat
Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Umbral family
umbral
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.

Processes:

resource yara_rule

sample autoit_exe
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

vir.exe
NSIS installer 1 IoCs
installer

Processes:

resource yara_rule

sample nsis_installer_2

resource	yara_rule
sample	family_umbral

resource	yara_rule
sample	family_quasar

resource	yara_rule
sample	autoit_exe

resource	yara_rule
sample	pdf_with_link_action

resource
vir.exe

resource	yara_rule
sample	nsis_installer_2