quasar | rat[.]exe | Triage

Sharing

General

Target

rat.exe
Size

3.0MB
MD5

4f430abe700993232b5f97d3383517ab
SHA1

f9248a808a8fd6d92899ed8257ee133d34c382d7
SHA256

5e40364cd4314af051efde7ca70e784ccf6e77976c008a05f6a61cdcb86b6fcf
SHA512

ebf0384e92beaaa788ebe37fa030a4013f89cf7e1e137c374d729b06a365340028142cfdcb18ffbeb0504a8dd631aded2a64c25e48446120719f5c9988eec23d
SSDEEP

24576:vNeODL4o1TNKsmdRhHJUs4STTKI51CQ/1b/qo+/KfMOEA3ZcDvQ4tN7j7paDJdiq:vNeODL4o1TNKHdRlZTTKgRIv+sm7AB

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rat.exe

Files

rat.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ