Behavioral task
behavioral1
Sample
Bootstrapper.exe
Resource
win7-20240729-en
General
-
Target
Bootstrapper (extract.me).zip
-
Size
1.3MB
-
MD5
2fa5f104c3b0286c739b4768e8b94c09
-
SHA1
14d71866362ccebdf46eaaaa0d8c4b7605966d04
-
SHA256
f75a45087aac828dd3f21760b5af31c5a83c7209a67645d5080c39129ff46488
-
SHA512
7564e03bfcd6a804b6231c513c171b5063229a0430fe3e2c78537b2f7833c9bbb5eee9b16a8a870ad7e92dbaceb8ba8f04eca04b113910336c80486de89517b2
-
SSDEEP
24576:JpRma1YACmHZFVZRo6HYSS9p5abZ4Ffb5MNliPoePloqtkxBk2Xv/p+KY4V:Y43/HZTTuWZ4Ffsliz7tcbf/f1V
Malware Config
Extracted
quasar
1.4.1
Office04
wefdwef-34180.portmap.host:34180
c4be1726-3f86-4f80-bc7c-0779b06ffeeb
-
encryption_key
97BF1FDCF446A7218FA05296FD8D8F0C41A6B1E7
-
install_name
Bootstrapper.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Spotify
-
subdirectory
system32
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule static1/unpack001/Bootstrapper.exe family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Bootstrapper.exe
Files
-
Bootstrapper (extract.me).zip.zip
-
Bootstrapper.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ