quasar | 653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169.exe
Size

3.2MB
MD5

91303874b8a51ac4da1d9da6ebb3d0ef
SHA1

f41ed21d3a37069355b5c84222bea6f6b68d64bf
SHA256

653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169
SHA512

acad1d59abd248c12ee918496d9a40c16a040c765d42d074c9ed0b055e97bddc6563ead28666122c30d8a887ff87ba190c4ad33478ed8f0e26e3c8d50e9e42aa
SSDEEP

49152:gvEuf2NUaNmwzPWlvdaKM7ZxTwqnxNESEdk/iqLoGdQTHHB72eh2NTDyfo:gvzf2NUaNmwzPWlvdaB7ZxTwSx8URK

Score

10^/10

hi quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

care-somewhere.gl.at.ply.gg:38177

127.0.0.1:38177

Mutex

09a22f35-6eea-40d3-8df0-f44e1f092037

Attributes

encryption_key
D9185A099F336661ED8D6035D739C63B5B34E3D8
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Update
subdirectory
SubDir

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables containing common artifacts observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENInfoStealer

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169.exe

Files

653798b0c7226a4189bded9afaae0f0c540216c2acda512c809a61008e4ae169.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 512B - Virtual size: 12B