Behavioral task: behavioral1
Sample: Seroxen.exe
Resource: win7-20240704-en

General
Target: Seroxen.exe
Size: 3.2MB
MD5: ecd1d786fb4e8d2fdd9fde6d5ad3f5d3
SHA1: bea4d57cb8cc632b0074bfd1ef3739ee11399df1
SHA256: f5dccd02d415f96bbde7cdcd9afa5376911166e795486e772a3ffa124fe45302
SHA512: 123086110b392ab14ca99b91b246266b93b21e0036cde9919649edcd83751cf163688a7795a781c6c3190cc3dcdc272ff7b3b9bc6c617cbac0cbc18908a46f1e
SSDEEP: 49152:oei8dGFjxJFp/DGoye3Z4LVoc96cppQI2VlUTHHB72eh2NTf:oeCFjxJTbGor3Z4LVocx+b
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: SKIDS
C2: 147.185.221.22:10340
Mutex: 9b51d4f5-bfe4-4a06-ba47-dcfbf9fe8529
Attributes:
  encryption_key: AEAE9E349BB922A243A5FF22FF4A80613533B71B
  install_name: Windows Host Process.exe
  log_directory: Windows-Logs
  reconnect_delay: 3000
  startup_key: Windows Host Process
  subdirectory: Windows
Signatures
Quasar family
Quasar payload (1 IoCs)
  resource: sample
  yara_rule: family_quasar
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: Seroxen.exe
Files
Seroxen.exe.exe (windows:4 windows x86 arch:x86)
f34d5f2d4577ed6d9ceec516c1f5a744

Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE

Imports
  mscoree: _CorExeMain

Sections
  .text (Size: 3.1MB, Virtual size: 3.1MB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc (Size: 7KB, Virtual size: 6KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc (Size: 512B, Virtual size: 12B)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ