Behavioral task: behavioral1
Sample: friends forever.exe
Resource: win10v2004-20241007-en
General
Target: friends forever.exe
Size: 3.1MB
MD5: ea836fb4533514a9a0e7e1b79378844d
SHA1: efda5af5b9ee2d3c6f799e23435a1a4b741232e3
SHA256: 6f7eb9b82b545931d07d4763a819578e3161f3df295dfcbf6c831be04ee2e61d
SHA512: c116e25c1c4550b4ba66137b442d2b7f372a0ac0f27f016e4e86e81b7c0d3f43c964fac5e8fe611690ea44d3caf27911a135ee3f4e44d8b872ec48576f68623a
SSDEEP: 98304:nvSL26AaNeWgPhlmVqkQ7XSKctFxwnys:vC4SR3x0y
Malware Config
Extracted
quasar
1.4.1
Click Lover
193.161.193.99:44422
98bd51bf-11bf-416b-a912-36f489dfdd26
encryption_key: 2E11DF8B2B2BF1F6C123C50C37AB3BD9FF752BD5
install_name: Video Application.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Video Application
subdirectory: SubDir
Signatures
Quasar family
Quasar payload (1 IoCs)
resource: sample, yara_rule: family_quasar
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: friends forever.exe
Files
friends forever.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ