quasar | vir[.]exe

General

Target

vir.exe
Size

286.6MB
MD5

7c5cf3ce4d3503546558c739d4239a39
SHA1

7f2100a559c6ec01069352f8e809d25922b6ce5a
SHA256

5ee18324f0802b091c03af5dea8115af60c111257b426950869c18bc78dd54f2
SHA512

8838d44ba63ed24d4b5ff773a2f1d70ce55eacabf1e3fac6ac1274d454081b676fcedfa86d8373e70d95198d395a164d0463e8fde3ab14206a434b6d22fd5d94
SSDEEP

6291456:RodBeWFv1k4R4b0ewZkhT4ofHwJjvZDQPf2tLSkHMdHVeVl:RWeSWgfecGT4RjvqP85kAr

Score

10^/10

Family

quasar

Attributes

Detect Umbral payload 1 IoCs

Processes:

resource yara_rule

sample family_umbral
Njrat family
njrat
Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Umbral family
umbral
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.

Processes:

resource yara_rule

sample autoit_exe
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
pdf link

Processes:

resource yara_rule

sample pdf_with_link_action
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

vir.exe
NSIS installer 1 IoCs
installer

Processes:

resource yara_rule

sample nsis_installer_2

resource	yara_rule
sample	family_umbral

resource	yara_rule
sample	family_quasar

resource	yara_rule
sample	autoit_exe

resource	yara_rule
sample	pdf_with_link_action

resource
vir.exe

resource	yara_rule
sample	nsis_installer_2