Behavioral task: behavioral1
Sample: 956-1094-0x0000000000400000-0x0000000000724000-memory.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 956-1094-0x0000000000400000-0x0000000000724000-memory.exe
Resource: win10v2004-20240709-en
General
Target: 956-1094-0x0000000000400000-0x0000000000724000-memory.dmp
Size: 3.1MB
MD5: aceda2eabbb1217a04b3482643bef80a
SHA1: b6f12e3b72968ef59a05d10813178820993a28b5
SHA256: 997c0bfeece759be86320f17cca8b73e7a3c7c82f0df106867c41eede462523f
SHA512: df59ddba06935b69cab8a78383c270b97100a432980e42106353a693066563da52903bb29e05ed47c50ab8c7d5add521dae9dc5a922444cc937b9e5fbc40a5b6
SSDEEP: 49152:KvWI22SsaNYfdPBldt698dBcjHZ35bbR4jLoGduATHHB72eh2NT:Kv722SsaNYfdPBldt6+dBcjHZ352v
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Moveit
193.142.146.212:4782
4b1cd0e7-d736-4aba-b4c8-067d2567b03d
Attributes:
  encryption_key: E12B8859E2195F69A0C4E8D7025D91C844CB8B49
  install_name: Client.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: Quasar Client Startup
  subdirectory: SubDir
Signatures
- Quasar family
- Quasar payload (1 IoCs)
  resource: sample, yara_rule: family_quasar
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 956-1094-0x0000000000400000-0x0000000000724000-memory.dmp
Files
956-1094-0x0000000000400000-0x0000000000724000-memory.dmp.exe (windows:4, windows, x86, arch:x86)

Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE

Sections
.text - Size: 3.1MB - Virtual size: 3.1MB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc - Size: 3KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc - Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ