Behavioral task
behavioral1
Sample
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
Resource
win7-20240729-en
General
-
Target
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
-
Size
3.1MB
-
MD5
a813f565b05ee9df7e5db8dbbcc0fa43
-
SHA1
f508e738705163233b29ba54f4cb5ec4583d8df1
-
SHA256
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156
-
SHA512
adb431c372c2e1d0f6019bedefe16a2253fcf76929ba7e2b9f9cc7a253137920615121a1a64f7003a43f39e8b17ace233daca32b2933b6953aa6cf558b834e2e
-
SSDEEP
98304:aydj2yMy5en93hlLLzJjVrv3zs9Yv+Wcvy:pLYvzs9Yv+Wcv
Malware Config
Extracted
quasar
1.4.0
Office04
microsoftsys.ddns.net:4782
67e0653d-eedf-4888-88ab-78e97eb2df27
-
encryption_key
23E5F6D22FEE1750D36544A759A48349B064BC34
-
install_name
PerfWatson1.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
svhost
-
subdirectory
KDOT
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe
Files
-
ba59fb813ff718db8a17c4e5d244793d2199383969843ad31d09727b5e5ff156.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ