General
-
Target
Huxer.rar
-
Size
1.0MB
-
MD5
84982f9d1879137806c3df739bcbf259
-
SHA1
104466ba565fc18f9a8f858139e47db658660a12
-
SHA256
de49824df46b1db23b705329e2013bbe0ad49d937b5372d8dae1dd56bc4ac465
-
SHA512
e82860a5d30476589288726a95c2559080016fe673995898da04ddb6ddbb5f5813fccc2aba5b0ebe8deafdbd4b57a8eac0454ea5c879d7fe4ad3583856835d42
-
SSDEEP
24576:KbsRyyi8xDjtF24u0+I3dlB9waly/vNkaKigOs8pPLG05:Kbs4FijqfEdlB9Zy/FkViHpDG05
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.2.140:4782
cf851edc-cac3-430f-93fc-9c6fd7bc752a
-
encryption_key
91A9A127B605D8AEEBAF1FC4373FB709BB07F819
-
install_name
Huxer.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Key
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule static1/unpack001/Huxer.exe family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Huxer.exe
Files
-
Huxer.rar.rar
-
Huxer.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ