Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win7-20240704-en
General
-
Target
Client-built.exe
-
Size
3.4MB
-
MD5
ad8250eea17d8d7db7c3c23aba289f5c
-
SHA1
c63d1c6b6e8b7789a777b1ffe55f15bbbfc3cc59
-
SHA256
f3de21ec995555ab187ce0a254d2b353c1ed3c06030678f898ec56efabbae51f
-
SHA512
d34b9db43bd08dea4452925c7c1cf4014d03b024a663b5ee938a4f205b3c6c49eccd169cbc687145d54223d07aafcde75ee0807963e705c9c71e130c00086abd
-
SSDEEP
49152:tei8dGFjxJFp/DGoye3Z4LVXcBzJQI2zoTHHB72eh2NTfbDW:teCFjxJTbGor3Z4LVSeDH
Malware Config
Extracted
quasar
1.4.1
SKIDS
147.185.221.22:10340
9b51d4f5-bfe4-4a06-ba47-dcfbf9fe8529
-
encryption_key
AEAE9E349BB922A243A5FF22FF4A80613533B71B
-
install_name
Windows Host Process.exe
-
log_directory
Windows-Logs
-
reconnect_delay
3000
-
startup_key
Windows Host Process
-
subdirectory
Windows
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Client-built.exe
Files
-
Client-built.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 215KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ