quasar | Dishkum Tena[.]rar

General

Target

Dishkum Tena.rar
Size

1.0MB
MD5

f2715fdbcd028afa00787a02ce3f9e6d
SHA1

61080026cbc016e6248f7ef2dc135c21eb4c93de
SHA256

b20abd5beb95d17b9c77dc4fa06c98af37b62489e9cf5da8e4e12b19ed93cf6f
SHA512

aa898f2567db93d2097d02540238ea4d83cc094b5ec07d1b548b846c575e1d2d67a2be3ab8b48d3ee6a1e19102e2231bbb0db98ab275757949fc791040d31bb0
SSDEEP

24576:BN0XV+4jqWA7ltRseYUmNT2NknUaxJeh1flSCewl8ul:BqVMWA7lcexmNT2unhxJerfsCN8ul

Score

10^/10

dani69 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Dani69

C2

192.168.1.2:4782

Mutex

9f26ad88-50ee-4f62-81ff-c770a798a67c

Attributes

encryption_key
81B07382BFEB227CBA1AE8701042E7A26708E9ED
install_name
Dani69.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Dani69
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Dishkum Tena.exe	family_quasar

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Dishkum Tena.exe

resource
unpack001/Dishkum Tena.exe

Files

Dishkum Tena.rar
.rar

Password: 123
Dishkum Tena.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 123

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B