quasar | Client-be3uilt[.]exe | Triage

Sharing

General

Target

Client-be3uilt.exe
Size

1.9MB
MD5

f6f414c145d0acecfdd3cfba707386d3
SHA1

b7281f8c899da4fd46e814ccadda4b3f03db365f
SHA256

b01844fd95ecc51c681f238a6351fe1e8d7228b931f4324b023c4598907e9c69
SHA512

68ac467e9c57fe6c2108217393e1ba45b48503d5274565460420e508e0add220c69120bd5551d7741996f20011a9d1e33f327d13cbff8f29223d6fce6d2a0d24
SSDEEP

24576:Y1JFoVGS2eWBRwRR16zhHIPbcNK0KKm77yviUSQaZaOwI55l2S62r9exnjUDB3u9:Y7FB7wR2EgKKm77LrwCB6T

Score

10^/10

quasar

Malware Config

Extracted

Family

quasar

C2

Attributes

encryption_key
43EB246F63BA6C5E8F1B8F576653410351E57F4E
reconnect_delay
3000
startup_key
�� 8}pQ��C��ʷu��

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
sample	family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client-be3uilt.exe

Files

Client-be3uilt.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ