quasar | Quasar[.]exe | Triage

Sharing

General

Target

Quasar.exe
Size

1.2MB
MD5

061e986ef7b1a4c883f0da79f96537c0
SHA1

1ec4496a6dd4e0eae05cff977ae6d0fcb77dd022
SHA256

31d1488e6d5e80fd6d1aba0b73f3ff7ca69d65f649298358acff26aceffdca57
SHA512

cd68ed61957b3aaed5eba72a44c81adf04712710355ab742f23d34725801efe82cc57a37390ae61bf32f4d4fae12c5165642c32076faa5005af634febff9ed91
SSDEEP

12288:NJqRU1HYLsYebQNVBBBYiL9l/bFfpBBBBBBBBBBBBk5:vtYBBBYiLvzFfpBBBBBBBBBBBBk5

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Quasar.exe

Files

Quasar.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Robercik\Desktop\Quasar-master\Quasar.Server\obj\Debug\net452\Quasar.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ