Behavioral task
behavioral1
Sample
1d686b05f745875e28939abe357baedd169b59f5a0d88.exe
Resource
win7-20240704-en
General
-
Target
1d686b05f745875e28939abe357baedd169b59f5a0d88.exe
-
Size
3.1MB
-
MD5
e3e1f7fa42dd68f410bb885f0aefe5e3
-
SHA1
d51edc519d86a11e6533cd4cac8f190dd3f7d4bb
-
SHA256
1d686b05f745875e28939abe357baedd169b59f5a0d8825b602fd803a6303ba3
-
SHA512
92ac0379074366a4dbb9235d8c61935be6d8086629611dbcdecdaf680a0a8636f7810d4f6394dbdee5b1e463842284ab9855534da4627677965557e8eb609aa3
-
SSDEEP
49152:6v5t62XlaSFNWPjljiFa2RoUYIHSz3farvLoGdRbTHHB72eh2NT:6vT62XlaSFNWPjljiFXRoUYI+38B
Malware Config
Extracted
quasar
1.4.1
Office04
193.42.11.9:4329
4c2abd13-f813-4493-8701-1c7115caee61
-
encryption_key
665C8B508EC328B12F8F1A2A20662BF0DBA9F069
-
install_name
edge.exe
-
log_directory
Logs
-
reconnect_delay
1000
-
startup_key
Chrome
-
subdirectory
browser
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1d686b05f745875e28939abe357baedd169b59f5a0d88.exe
Files
-
1d686b05f745875e28939abe357baedd169b59f5a0d88.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ