Behavioral task
behavioral1
Sample
02.exe
Resource
win7-20240704-en
General
-
Target
02.exe
-
Size
3.1MB
-
MD5
3053a2a43ba2fbc6e3e3ecbecde806d1
-
SHA1
6ae60c2879ebe69ac40d149ed5a608250d022dce
-
SHA256
c1dd6ce8d69876282a88739c537d5a2369a19c4b6cf360af5983c12c9dc3f2d6
-
SHA512
b9e90616bde8da38d055a510f18f41da9b3f4a64d1b59e4f27af889496edb86c1467273a721ceb6e1c65d9410db523755f5ba7422016bcada2335a8b6038044e
-
SSDEEP
49152:zvbI22SsaNYfdPBldt698dBcjHsHxNESExk/iLLoGdNTHHB72eh2NT:zvk22SsaNYfdPBldt6+dBcjH0xQX
Malware Config
Extracted
quasar
1.4.1
Office04
10.109.9.184:4782
1916cb83-b99a-4ecb-a054-4e009de2edc6
-
encryption_key
CE28057C20C1DED27F22AD4254F5C2C5464D46B3
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 02.exe
Files
-
02.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ