quasar | Ton618[.]exe | Triage

Sharing

General

Target

Ton618.exe
Size

6.6MB
MD5

fa55ec4c1f2bde276ead921187cf36c1
SHA1

ed2ba8a4c96f4f473e13baae9f6057bcdb043519
SHA256

b32538fc97c82d2e3623d1b3ea1b7daa8948399da29651a6350bb598d183027c
SHA512

6941dc68fa19375f6882c3cd6cd34fa5db6de8a421194207ed076f8272e256269b923a52c8141001204d87df288179ab7d3e5fc459e031c0c64a1dbc06fe43b1
SSDEEP

49152:YEBm0Yz3KSzjhnbv5+/GSJFDdykdb2FXu7J2xePZaTohmxksuO+zTzuISFYUaGxE:YEBm0YpbvaDJFDdtbF1Z08Uxvs641/

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

Attributes

encryption_key
6DC75341715F183F008C5D5A26E1967745A885D9
reconnect_delay
3000

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ton618.exe

Files

Ton618.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ