quasar | Client[.]exe | Triage

Sharing

General

Target

Client.exe
Size

12.3MB
MD5

49fee9e45690cb2d12f32923ff5c7060
SHA1

eaa52d56f0998b81bd54397d0d0d0c68d47e4838
SHA256

4bcc56b8279bc707e0f6a21a9fddc8c67903383f84ba1bc0477b8327ab370719
SHA512

e08c1fb1b1fb76dd6b6d768b397ca7b20bba1aa54affee551e248830ccf8bbf8957e888eb88be4725c047b52c592d13ebae1218771699739c31bcfb43f9d9390
SSDEEP

393216:oTHuJuMZfRcpDfuSkqJc5YYR4FjlHN4Ol:KHJY5c1uSkqJc5l6ZtP

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

Processes:

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ