C:\Users\n\Downloads\BitJoiner by @Drcrypt0r\payload\obj\Debug\payload.pdb
Behavioral task
behavioral1
Sample
1.exe
Resource
win10v2004-20240611-en
General
-
Target
1.exe
-
Size
9.9MB
-
MD5
96d23c2d4dcee40729b28f949ca2d003
-
SHA1
8ab47f812f842cf093c0289daab045fb534ea7a1
-
SHA256
13d446a0227f75aa7cf81637029ecc0dd2238639a4c1cdef89748b360be7c626
-
SHA512
0b3b780f7ec58137bad0c97d8974ed6c4e8ecb5d1e2dab2e2c424cf172f24bb87dbd7f1d36249fae346bcb3e98d2877863b66ac41b0b09afe1d2e97907d6d34d
-
SSDEEP
196608:3iHTKMoeQFbfeN/FJMIDJf0gsAGK5SEQRWuAKt+L:M//Fqyf0gsfNRAK
Malware Config
Extracted
quasar
-
reconnect_delay
3000
Signatures
-
A stealer written in Python and packaged with Pyinstaller 1 IoCs
Processes:
resource yara_rule static1/unpack001/�8����.pyc blankgrabber -
Blankgrabber family
-
Quasar family
-
Quasar payload 1 IoCs
Processes:
resource yara_rule sample family_quasar -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1.exe
Files
-
1.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 9.8MB - Virtual size: 9.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
�8����.pyc