quasar | Client-built[.]exe

General

Target

Client-built.exe
Size

3.2MB
MD5

986dc7301d3af14a13e54ee6b3963451
SHA1

4b110fb4248b17b92aa3b3010bc31bb0bd4d1b10
SHA256

06c4c62665a3434d66fae0cbaebdb2a5f6905bba8ccc333205059ea13e99b135
SHA512

60f454f655c69d047f901eb4abfe8667e98176ba4c51bc4ab9389c714a610d0c7c2b1d2fe80ed7e4db86e4230e2e5de8efc899647788bb5e3a101e762d6281d2
SSDEEP

49152:mv+lL26AaNeWgPhlmVqvMQ7XSK7K63Lar/LoGdlTHHB72eh2NTS:mvuL26AaNeWgPhlmVqkQ7XSKT3Ub

Score

10^/10

t254 quasar

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

t254

C2

t2558628-45777.portmap.host:45777

Mutex

932c65d6-da03-4072-adb9-2376e00c0a8e

Attributes

encryption_key
236980CA68F0687D520534421E23683400294B98
install_name
Client.exe
log_directory
Windows_Logs
reconnect_delay
3000
startup_key
Windows defender startup client
subdirectory
SubDir

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Client-built.exe

Files

Client-built.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rsrc Size: 105KB - Virtual size: 105KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rsrc
Size: 105KB - Virtual size: 105KB

.reloc
Size: 512B - Virtual size: 12B