General
Target: Dishkum Tena.rar
Size: 1.0MB
MD5: f2715fdbcd028afa00787a02ce3f9e6d
SHA1: 61080026cbc016e6248f7ef2dc135c21eb4c93de
SHA256: b20abd5beb95d17b9c77dc4fa06c98af37b62489e9cf5da8e4e12b19ed93cf6f
SHA512: aa898f2567db93d2097d02540238ea4d83cc094b5ec07d1b548b846c575e1d2d67a2be3ab8b48d3ee6a1e19102e2231bbb0db98ab275757949fc791040d31bb0
SSDEEP: 24576:BN0XV+4jqWA7ltRseYUmNT2NknUaxJeh1flSCewl8ul:BqVMWA7lcexmNT2unhxJerfsCN8ul
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Dani69
C2: 192.168.1.2:4782
9f26ad88-50ee-4f62-81ff-c770a798a67c
encryption_key: 81B07382BFEB227CBA1AE8701042E7A26708E9ED
install_name: Dani69.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Dani69
subdirectory: SubDir
Signatures
Quasar family
Quasar payload (1 IoCs)
Processes: resource yara_rule static1/unpack001/Dishkum Tena.exe family_quasar
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes: resource unpack001/Dishkum Tena.exe
Files
Dishkum Tena.rar.rar (Password: 123)
Dishkum Tena.exe.exe windows:4 windows x86 arch:x86 (Password: 123)
MD5: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain
Sections
.text - Size: 3.1MB - Virtual size: 3.1MB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc - Size: 3KB - Virtual size: 2KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 512B - Virtual size: 12B - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ