General
-
Target
ss.exe
-
Size
3.1MB
-
MD5
e786c5e43fd18c2059613d5e7d490cde
-
SHA1
adef35755782160a2bb8977efbbcaa747a3e07cd
-
SHA256
f80608ffcfae5dd4255704e7a65fca72882dce5b23d3fda13c11e560c4c45d20
-
SHA512
09310d47dd39722042f9551a2eb21b3fec1f1a05123fa92164940a70466b7cfc1bd56a15ca7c90ebac01c8933da1cccc5dc889a0f91d476b0d214edfa211593f
-
SSDEEP
98304:3vJL26AaNeWgPhlmVqkQ7XSKJdRJ67n4:fH4SwK
Malware Config
Extracted
quasar
1.4.1
Office04
bin-inspections.gl.at.ply.gg:64055
536deaa9-57d2-448a-ae01-b604426d7fa6
-
encryption_key
DBB529B3F56F6D23695F8D7AC9BA28484A0D6D0F
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource ss.exe
Files
-
ss.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ