Behavioral task: behavioral1
Sample: SRCkey.exe
Resource: win10v2004-20240730-en
General
Target: SRCkey.exe
Size: 3.1MB
MD5: d0fa55b027cf3268483208bc5087bf14
SHA1: 758d9396522e8458159bb7b5186340caf767f691
SHA256: c1fba0fc260e24b6f42a72d8725aac400465890e5ee1a422cd567229ec1609bc
SHA512: 418ae9524de8f7326fe77c2664f1cdf2f807c0a50fe6e2619cc32fb863eff08a1b3ec26c029f1e319f540e9074380e8ca2dc9fb3f65e0cb2d26947037967f48b
SSDEEP: 49152:PvyI22SsaNYfdPBldt698dBcjHkrRJ6VbR3LoGdGTHHB72eh2NT:Pvf22SsaNYfdPBldt6+dBcjHkrRJ6n
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.8.180:4782
b532486b-fe2e-45a2-ac9b-42f784c55957
encryption_key: 33E00C0591CE60DF8D1A4C8EBCF120A2AD5D348C
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Microsoft defender
subdirectory: SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource SRCkey.exe
Files
-
SRCkey.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ