Overview

overview

10

Static

static

10

3948-166-0...ry.exe

windows7-x64

3948-166-0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3948-166-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • Sample

    230104-bap66sdd95

  • MD5

    c3cc7c3cdc7cc4e405287299172f032b

  • SHA1

    9f14293496b44e25c0f1bec7ca38b9089bf8a5a5

  • SHA256

    b84f5424cb31633b056bde31da523deebfe00b5e7939dd11b44e3f1552798009

  • SHA512

    f45a39931d6ce2ed79d12b82dffe8031309eca8cde65872c60a23918e2bcfa1bdda71bd7502f43646297566e4c7ffca44c0748528be46a957d6b6aa85adf4d99

  • SSDEEP

    6144:7C2NHXf500M94OI7tfrMnlbTOSZ6fxjyWNmDMGoJOu:Vd50cOI2FpZOjU1oJOu

Score
10/10
quasarbtc

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

BTC

C2

newqs.ddns.net:6666

Mutex

QSR_MUTEX_yXXdA121x1YpxYg8uW

Attributes
  • encryption_key

    HFwfuOKEk3Fb6O6wDQ4B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      3948-166-0x0000000000400000-0x000000000045E000-memory.dmp

    • Size

      376KB

    • MD5

      c3cc7c3cdc7cc4e405287299172f032b

    • SHA1

      9f14293496b44e25c0f1bec7ca38b9089bf8a5a5

    • SHA256

      b84f5424cb31633b056bde31da523deebfe00b5e7939dd11b44e3f1552798009

    • SHA512

      f45a39931d6ce2ed79d12b82dffe8031309eca8cde65872c60a23918e2bcfa1bdda71bd7502f43646297566e4c7ffca44c0748528be46a957d6b6aa85adf4d99

    • SSDEEP

      6144:7C2NHXf500M94OI7tfrMnlbTOSZ6fxjyWNmDMGoJOu:Vd50cOI2FpZOjU1oJOu

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks