quasar | a0fd925e8720e15498d374a590df4500N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0fd925e8720e15498d374a590df4500N
Size

3.1MB
MD5

a0fd925e8720e15498d374a590df4500
SHA1

f2a75b8201b8128402d7a6c5050989c6e41f2e1a
SHA256

917b3c01812c187d8eb8f412d2735ee6d1feae7891758d57b75fca5882b229b5
SHA512

a549ca9c7764054e326ec2da182a02347d1b66c17b05ecd74c7b5bd24a4aa821afbeac4c286cb840d5cd6092a7d0cf2d09fec614bf2ed33de8444d13742f9901
SSDEEP

49152:qf/OZDN0c2jZ6M+20YSALjqrCSrDITHHB72eh2NTS:qfmGZ6720YjLuGV

Score

10^/10

hack cs2 raw/ffg14j5d quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

hack cs2 raw/ffG14j5d

C2

192.168.15.125:4000

Mutex

afc157e1-9b53-4b69-a2de-32362656cfdd

Attributes

encryption_key
644E8339C9D1CA43C7707CC20B6659CDF24226E0
install_name
mslguid.exe
log_directory
logs
reconnect_delay
1000
startup_key
mslguid
subdirectory
msfedge

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0fd925e8720e15498d374a590df4500N

Files

a0fd925e8720e15498d374a590df4500N
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ