quasar | 1EAAC929BFEC99FBB06CF9871C9093BA[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1EAAC929BFEC99FBB06CF9871C9093BA.exe
Size

3.1MB
MD5

1eaac929bfec99fbb06cf9871c9093ba
SHA1

d9b10f8785e173e2f210a36dc10db3367a076338
SHA256

d08fbce12159858a1e805002d0100ad264d527df79f9c078bcb70737588cb03a
SHA512

776168a0584fdf426c3e26289bcf8f918c63da20b04013b7fc0c920da2620c3e08b1857c13fadf7dc61109d2afc964f6493b2b74e815109238941246db4d0752
SSDEEP

49152:yv9t62XlaSFNWPjljiFa2RoUYIoPeEErHXk/uVMoGd6+THHB72eh2NTX:yv/62XlaSFNWPjljiFXRoUYIoPePyK

Score

10^/10

office04 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

45.95.214.119:1604

Mutex

f9f58545-e044-4981-817b-950eaa1429c9

Attributes

encryption_key
B45F6102F44CEBC69B790BA64CFCD6C9F8E03CE3
install_name
sys.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Skype
subdirectory
sys64

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
sample	family_quasar

Files

1EAAC929BFEC99FBB06CF9871C9093BA.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:68:3e:6a:d0:cd:a9:b4:47:5c:f8:ae:1d:7d:21:33
Certificate

Issuer

CN=BattlEye Innovations e.K.,OU=Certification Authority,O=BattlEye Innovations e.K.,L=Basingstoke,ST=Hampshire,C=GB,1.2.840.113549.1.9.1=#0c15426174746c45796540426174746c4579652e636f6d

Not Before

01-01-2015 00:00

Not After

01-01-2088 00:00

Subject

CN=BattlEye Innovations e.K.,OU=Code Management,O=BattlEye Innovations e.K.,L=Basingstoke,ST=BattlEye Innovations e.K.,C=GB,1.2.840.113549.1.9.1=#0c15426174746c45796540426174746c4579652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:eb:37:e4:e3:ed:30:20:dc:04:23:27:53:1b:33:a7:9c:39:6c:5a
Signer

Actual PE Digest

52:eb:37:e4:e3:ed:30:20:dc:04:23:27:53:1b:33:a7:9c:39:6c:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:68:3e:6a:d0:cd:a9:b4:47:5c:f8:ae:1d:7d:21:33Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

52:eb:37:e4:e3:ed:30:20:dc:04:23:27:53:1b:33:a7:9c:39:6c:5aSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

0d:68:3e:6a:d0:cd:a9:b4:47:5c:f8:ae:1d:7d:21:33
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

52:eb:37:e4:e3:ed:30:20:dc:04:23:27:53:1b:33:a7:9c:39:6c:5a
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B