Behavioral task
behavioral1
Sample
Client-built.exe
Resource
win10-20240404-fr
Behavioral task
behavioral2
Sample
Client-built.exe
Resource
win10v2004-20240802-fr
General
-
Target
Client-built.exe
-
Size
3.3MB
-
MD5
7ab6f43a992374ea2bc02b6870f92726
-
SHA1
52277ea3799bc72c661a82d079184898239301db
-
SHA256
659f42a823f37790b2cbdbfc19d0755a3471bfcb0097cdf48e2f891df62f4819
-
SHA512
e9e98280a618966b3585c684d113ceee90a57e46ce02c64ab64c2a242f51e024c3c5f4f0313587afb9baf02960f6d6ebd939726dbab26680a4d8a6fcfc420a5e
-
SSDEEP
49152:yei8dGFjxJFp/DGoye3Z4LVu0jvqCtQI2VEeTHHB72eh2NTf:yeCFjxJTbGor3Z4LVu0fKw/
Malware Config
Extracted
quasar
1.4.1
SKIDS
147.185.221.22:6712
1051d457-43fe-4be3-87a0-52f2e36a87aa
-
encryption_key
F387A0FF28E4F7F4D7B4E353EB2E71F75D3FB5C0
-
install_name
Windows Host Process.exe
-
log_directory
Windows-Logs
-
reconnect_delay
3000
-
startup_key
Windows Host Process
-
subdirectory
Windows
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Client-built.exe
Files
-
Client-built.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 175KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ