quasar | abe23d8d73061f09f6c66acb1fba3fc7f952a8f57f583acfd2c6a5480aed8d62[.]exe

General

Target

abe23d8d73061f09f6c66acb1fba3fc7f952a8f57f583acfd2c6a5480aed8d62.exe
Size

348KB
MD5

16f3ac9a4ca5183fec9a3a21fd3488e1
SHA1

ea6baf86951a97d224f25a893ecd00a156e1a993
SHA256

abe23d8d73061f09f6c66acb1fba3fc7f952a8f57f583acfd2c6a5480aed8d62
SHA512

8ec7a8f684c0318980c6c5b42932c4ef42734199ad6abef22d53b0ba12f14a34012f9b269d064fe60c943693a375fd49f66b8e568d061b277a0ee3de0672d586
SSDEEP

6144:ezNHXf500Mb5t5eewCbYTio7QiWPpQR63ejZEe:wd50HtkRzFQ7PO6OjZEe

Score

10^/10

office04 quasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

Office04

C2

39.105.31.193:50050

Mutex

QSR_MUTEX_H0vcBfjQRUzioI2ltj

Attributes

encryption_key
SAA4yJPZ67wykJkTFy3u
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables containing common artifacts observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENInfoStealer

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe23d8d73061f09f6c66acb1fba3fc7f952a8f57f583acfd2c6a5480aed8d62.exe

Files

abe23d8d73061f09f6c66acb1fba3fc7f952a8f57f583acfd2c6a5480aed8d62.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 345KB - Virtual size: 344KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 345KB - Virtual size: 344KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B