quasar | d8e1f8133b33f2a57c43088d2848c744e9a61aba41d52d019b1eb62fc4b1552c

General

Target

d8e1f8133b33f2a57c43088d2848c744e9a61aba41d52d019b1eb62fc4b1552c
Size

502KB
MD5

22dcffb27d97e5307563e371b2def462
SHA1

3321cd46304f11dd4dc31a83b61a89d85ebfc548
SHA256

d8e1f8133b33f2a57c43088d2848c744e9a61aba41d52d019b1eb62fc4b1552c
SHA512

abfbb8bae85508b36792d49a296a515f5827e95207a8eb075953b0a3cc95cdf7eb2e8c32565bc06b41d3c4e2e02fbbec45c7f53a5df246b18719cb272c74ab43
SSDEEP

6144:dTEgdc0YtXAGbgiIN2RSBNZicdz7x3JXV6vjTcEDFb8F9tCUljY/10cTR3+:dTEgdfYBbgWcpaTKxjY/Wcd+

Score

10^/10

office05 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

Office05

C2

38.180.9.93:4782

38.180.9.93:4783

Mutex

32672773-f3f5-4ec0-837a-7adbf29ae46f

Attributes

encryption_key
C9BC046B617DD0F608706B9640C8D97C327969FB
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
esnt Startup
subdirectory
SubDir

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables containing common artifacts observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENInfoStealer

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8e1f8133b33f2a57c43088d2848c744e9a61aba41d52d019b1eb62fc4b1552c

Files

d8e1f8133b33f2a57c43088d2848c744e9a61aba41d52d019b1eb62fc4b1552c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 498KB - Virtual size: 497KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 498KB - Virtual size: 497KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 498KB - Virtual size: 497KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B