Behavioral task: behavioral1
Sample: 1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95.exe
Resource: win7-20240903-en
General
Target: 1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95
Size: 3.1MB
MD5: 766060f6568ae32f9509562cede078cb
SHA1: 978fd4ba4a6b2605de31b28b02162a609a1c467a
SHA256: 1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95
SHA512: 452c499b538f881bbf47da1d0e156464b808b6a37cf017e9d2a9a007a09d70e29db7e6ec5dad5acf03e30afe14912a91f7004e592b9fd45a2f2fca8ab9878ec3
SSDEEP: 49152:nvulL26AaNeWgPhlmVqvMQ7XSKfn7RJ6abR3LoGdbTHHB72eh2NT:nveL26AaNeWgPhlmVqkQ7XSKf7RJ60
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet: Office04
C2: El-Kaide-36693.portmap.host:36693
Mutex: 34fdb5eb-c15b-4565-9e7b-f5f3b56d3fca
Attributes:
  encryption_key: 60E284A9CD988AF8E0CBA13DDAC0B989F7507F62
  install_name: Client.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: Quasar Client Startup
  subdirectory: SubDir
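The extracted fields above are only useful once they are turned into things a host or network sensor can observe. The following is an added example (not part of the sandbox report and not Quasar's own code) that derives indicators from this config and runs them over constructed Sysmon-style events. It assumes what Quasar's open-source client does with these fields: the mutex string is created as a named mutex, persistence is a value named startup_key under a CurrentVersion\Run key (HKLM when elevated, otherwise HKCU), and the binary is dropped as <subdirectory>\<install_name> under an install root chosen at build time that is not among the extracted fields, so the file indicator is a path tail. The log_directory name is too generic to match on its own and is deliberately left out. The event layout (type, path, data, dst_host, dst_port, name) is a made-up shape for the example.

```python
# Fields as extracted on this page for the Quasar 1.4.1 sample.
QUASAR_CONFIG = {
    "version": "1.4.1",
    "botnet": "Office04",
    "hosts": ["El-Kaide-36693.portmap.host:36693"],
    "mutex": "34fdb5eb-c15b-4565-9e7b-f5f3b56d3fca",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "log_directory": "Logs",
    "startup_key": "Quasar Client Startup",
    "reconnect_delay": 3000,
}

# Quasar writes its startup value under this key (assumption from the client source).
RUN_KEY_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"


def iocs_from_config(cfg: dict) -> dict:
    """Derive host/network indicators from the extracted config.

    The install root (AppData, Program Files or System32) is picked at build
    time and is not an extracted field, so the file indicator is the path tail
    "\\<subdirectory>\\<install_name>" and matches under any root.
    """
    c2 = []
    for entry in cfg["hosts"]:
        host, _, port = entry.rpartition(":")
        c2.append((host.lower(), int(port)))
    return {
        "c2": c2,
        "mutex": cfg["mutex"].lower(),
        "install_tail": ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
        "run_value_name": cfg["startup_key"].lower(),
    }


def match_events(events: list, iocs: dict) -> dict:
    """Return {event_index: [indicator names]} for every event that matches an IoC."""
    hits = {}

    def hit(i, name):
        hits.setdefault(i, []).append(name)

    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "network_connect":
            host = ev["dst_host"].lower()
            if (host, ev["dst_port"]) in iocs["c2"]:
                hit(i, "c2_host_port")
            elif any(host == h for h, _ in iocs["c2"]):
                hit(i, "c2_host")  # same host on another port: still worth a look
        elif kind == "registry_set":
            key, _, value_name = ev["path"].rpartition("\\")
            if key.lower().endswith(RUN_KEY_SUFFIX) and value_name.lower() == iocs["run_value_name"]:
                hit(i, "run_key_startup_name")
            if ev.get("data", "").lower().endswith(iocs["install_tail"]):
                hit(i, "run_key_install_path")
        elif kind == "file_create":
            if ev["path"].lower().endswith(iocs["install_tail"]):
                hit(i, "install_path")
        elif kind == "mutex_create":
            # Mutex names are case-sensitive on Windows, but sandboxes often
            # upper-case GUIDs, so compare case-insensitively and tolerate "Global\".
            name = ev["name"].lower()
            if name.startswith("global\\"):
                name = name[len("global\\"):]
            if name == iocs["mutex"]:
                hit(i, "mutex")
    return hits


# Constructed telemetry for the example (not taken from the report).
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Quasar Client Startup",
     "data": "C:\\Users\\victim\\AppData\\Roaming\\SubDir\\Client.exe"},
    {"type": "network_connect", "dst_host": "El-Kaide-36693.portmap.host", "dst_port": 36693},
    {"type": "file_create", "path": "C:\\Users\\victim\\AppData\\Roaming\\SubDir\\Client.exe"},
    {"type": "mutex_create", "name": "Global\\34FDB5EB-C15B-4565-9E7B-F5F3B56D3FCA"},
    {"type": "network_connect", "dst_host": "www.microsoft.com", "dst_port": 443},
    {"type": "file_create", "path": "C:\\Windows\\Temp\\report.txt"},
]

if __name__ == "__main__":
    for idx, names in match_events(SAMPLE_EVENTS, iocs_from_config(QUASAR_CONFIG)).items():
        print(idx, SAMPLE_EVENTS[idx]["type"], names)
```

Only the first four constructed events match; the benign connection and file write produce no hit. The C2 is a portmap.host forwarding name, so the host:port pair is the indicator to block, not an IP resolved at report time.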
Signatures
Quasar family
Quasar payload (1 IoC)
  resource: yara_rule sample (family_quasar)
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95
Files
1c43c0188fdae13ea8efca2f4d02b9e25a733ec5a01e46dbe757b10e26987e95.exe (windows:4, windows x86, arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain (the sole native import of a managed .NET executable; the imphash above is the one shared by every such binary, so it does not identify this sample)
Sections
.text   Size: 3.1MB   Virtual size: 3.1MB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   Size: 3KB     Virtual size: 2KB     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 512B    Virtual size: 12B     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
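The header facts listed above and the "Unsigned PE" signature come straight from the PE optional header: the DllCharacteristics and Characteristics bitmasks, the certificate-table data directory (empty means no Authenticode signature) and the CLR runtime-header directory (present means a .NET image, which is why the only import is mscoree!_CorExeMain). The following is an added example, not code from the report or from any tool named on the page, that parses these fields with the standard library only. Because the real file is not on the page, it builds a constructed PE32 header carrying the same flags as the sample; the constant names are the PE/COFF spec's, and the function and constant names are the example's own.

```python
import struct

# Bit values from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0200: "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x0800: "IMAGE_DLLCHARACTERISTICS_NO_BIND",
    0x1000: "IMAGE_DLLCHARACTERISTICS_APPCONTAINER",
    0x2000: "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DIR_SECURITY = 4   # Authenticode certificate table (a file offset, not an RVA)
DIR_CLR = 14       # .NET CLR runtime header


def _flags(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data: bytes) -> dict:
    """Return the header facts a triage report lists: flags, signature and CLR presence."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsect, _, _, _, _opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        fmt, nrva_off, dd_off = "PE32", 92, 96
    elif magic == 0x20B:
        fmt, nrva_off, dd_off = "PE32+", 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]

    def directory(index: int):
        if index >= nrva:        # a short directory table means "absent", not an error
            return 0, 0
        return struct.unpack_from("<II", data, opt + dd_off + 8 * index)

    sec_off, sec_size = directory(DIR_SECURITY)
    clr_rva, clr_size = directory(DIR_CLR)
    return {
        "format": fmt,
        "machine": machine,
        "file_characteristics": _flags(file_chars, IMAGE_FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, IMAGE_DLLCHARACTERISTICS),
        # "Unsigned PE": no certificate table at all. A present table still has to be
        # cryptographically verified before the file counts as trusted.
        "authenticode_present": sec_off != 0 and sec_size != 0,
        # Managed image: CLR header present. Such files import only mscoree!_CorExeMain.
        "clr_header_present": clr_rva != 0 and clr_size != 0,
    }


def build_constructed_header() -> bytes:
    """Constructed PE32 header mirroring this sample's reported attributes (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew: PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224,  # i386, 3 sections, PE32 optional header size
                       0x0002 | 0x0100)                     # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                       # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x0400 | 0x8000)  # the four flags the report lists
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_CLR, 0x2008, 72)  # CLR header present -> .NET image
    # DIR_SECURITY is left zero, which is exactly what "Unsigned PE" keys on.
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_headers(build_constructed_header()).items():
        print(key, value)
```

Run against the real sample with parse_pe_headers(open(path, "rb").read()); the four DllCharacteristics names and the two file flags should come back exactly as the report lists them, with authenticode_present False and clr_header_present True.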