Behavioral task: behavioral1
Sample: Client-built.exe
Resource: win7-20240221-en
General
Target: Hello.zip
Size: 1.2MB
MD5: 71a5a0777c905188d8d419b0e4914fd5
SHA1: a2f0d35a8a4eedeb574db6dc5bb6cff8d4f0eef9
SHA256: f8b020a7d73dd702f0be5c3b77c4de8ee142bd5a3aac3f4ebc64f16fa9715985
SHA512: 66da0f340079383705c195dee3e23e55fa101287817e0ae06aa6a3187edb4136ce7a357615c026f30c13de899906bf440cf7c4902dfa421b0bcbee2f08ee4698
SSDEEP: 24576:8puqb2UP1BfGLkWW1BpE82gk2T5qYc5ey3J8kerpMDvCx9e:3UP1BfGQWCBeAT5qYue0JYpMDvCx9e
Malware Config
Extracted: quasar 1.4.1
Office04
192.168.1.1:4782
88.98.207.207:4782
192.168.1.211:4782
6d19d2f9-1235-4b10-a1dd-486dc3edd052
encryption_key: 12AE26995FE0F312DC3ADA3C8CD142053AD088CA
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Signatures
Quasar family
Quasar payload (1 IoCs)
Processes:
resource yara_rule static1/unpack001/Client-built.exe family_quasar
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource unpack001/Client-built.exe
Files
Hello.zip (zip)
Client-built.exe (exe) windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain
Sections
.text  Size: 3.1MB  Virtual size: 3.1MB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  Size: 3KB  Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 512B  Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ