General
-
Target
Client-built.txt
-
Size
3.1MB
-
MD5
392e90f36274a24ee8c8f1839675a368
-
SHA1
6187de096ed93207bfb1a76e7b3117819d65ca54
-
SHA256
9376c03517ce29bf94817da91aa034685c827fe8dadc19dcaab817dceafe8f64
-
SHA512
44a4ebcc8945a9c5e30bcb8569508a18613847c8483c6817446a598b0d85ea33aa10816a8f4beb0a49269d1727ec0c2faa7b3d079b87f693134578115ee97a69
-
SSDEEP
49152:CvyI22SsaNYfdPBldt698dBcjHL4mQmznLoGdgTHHB72eh2NT:Cvf22SsaNYfdPBldt6+dBcjHL4ml
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.11.20:4782
18f9922e-d378-4916-842c-aa77698839ed
-
encryption_key
2C302960A864412274D2ACC228109C45F5512341
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Client-built.txt
Files
-
Client-built.txt.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ