Behavioral task: behavioral1
Sample: 884037306c425626aac2216ad5f31190N.exe
Resource: win7-20240708-en
General
Target: 884037306c425626aac2216ad5f31190N.exe
Size: 3.1MB
MD5: 884037306c425626aac2216ad5f31190
SHA1: 1f41e2d531e5f59f718edcd607ba1f0ff8781a1b
SHA256: a60df1f25c47567b3b0d9bb16dc009b30aaa910d58b150126312e9181d556323
SHA512: 52ca84d19599db8b8bef2ae1a7b092f45b6ec3d4b87757f94527f71161d0c9504ff36848d768b6ffc61cc22ab4ee9bca8db308e9b862aba710cb3b7932adf67f
SSDEEP: 49152:OvBt62XlaSFNWPjljiFa2RoUYITdRJ6ubR3LoGdLikTHHB72eh2NT:Ovr62XlaSFNWPjljiFXRoUYITdRJ6o7
Malware Config
Extracted
quasar
1.4.1
loader
98.226.45.190:4782
29e6bab7-887c-4692-a855-45d37186c3ff
encryption_key: 534371B2D807037820BCFDCF69DE6B7E2CFA2732
install_name: loader.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: loader
subdirectory: loader
Signatures
Quasar family
Quasar payload 1 IoCs
resource yara_rule sample family_quasar
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 884037306c425626aac2216ad5f31190N.exe
Files
884037306c425626aac2216ad5f31190N.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ