quasar | Bootstrapper (1)[.]rar

General

Target

Bootstrapper (1).rar
Size

1.0MB
MD5

d9fa5de22e42d5e461b364ea96726a8f
SHA1

ac92043326fec3571c9aac956006eed801a6e999
SHA256

4d1a67cbb466e224e63bb648963c0de048b9fc9af98555a53b663e5e5f3b4695
SHA512

9b851963034d6eac74e3ddd32dd7649649dde0e90a603ac2abb4b67d6445e002d140a7a0667cc3a7f3ac75c070683846e1749d70c54a1b9a36683b8dabf69942
SSDEEP

24576:yF7IDE/sWubWgSC211TB3hJ1bWzTgEC6YRlbVFP704XC7J879x:y5XubWgSC+BBwz0EsbrwUqJ877

Score

10^/10

office04 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

wefdwef-34180.portmap.host:34180

Mutex

c4be1726-3f86-4f80-bc7c-0779b06ffeeb

Attributes

encryption_key
97BF1FDCF446A7218FA05296FD8D8F0C41A6B1E7
install_name
Bootstrapper.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Spotify
subdirectory
system32

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/Bootstrapper.exe	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bootstrapper.exe

Files

Bootstrapper (1).rar
.rar

Password: 321
Bootstrapper.exe
.exe windows:4 windows x86 arch:x86

Password: 321

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 321

Password: 321

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B