Behavioral task
behavioral1
Sample
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
Resource
win7-20240903-en
General
-
Target
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
-
Size
341KB
-
MD5
b8507ead18b15a807cafd59c14315120
-
SHA1
0035b089f47d010865b1792e1e8b3774e292f710
-
SHA256
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ec
-
SHA512
80257e8a53e173cd218bb48c9b7cfad6dddb99234c2babef4b0ae1e219b42e1ef47a4851210aa5ec3a52e82da4412b488142ec4d4345e65fa8e7385eb5b655ce
-
SSDEEP
6144:oLRmi19KZRIo4sY7d+nTzTzTFPsWo2bMmIo7+vfep0:m19KIonkditIoufI0
Malware Config
Extracted
quasar
1.3.0.0
CHAMUTLDA
xowite7203-56864.portmap.host:56864
QSR_MUTEX_b1MzVBeB2fgsMGAB8R
-
encryption_key
A4r7dFvwva7oUnxJWxHI
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
System
-
subdirectory
System32
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe
Files
-
2eda48729dc77cb35b9e5cabda7a63c0daf839df13d4047c70b8dbfa288963ecN.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 337KB - Virtual size: 337KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ