General

  • Target

    1004-72-0x0000000000400000-0x000000000044E000-memory.dmp

  • Size

    312KB

  • MD5

    77c0de0ca10dbb637b90314d76bd0869

  • SHA1

    409e9d17031d541941c90a31ac0a4a40abe74dac

  • SHA256

    fa7001e559d4bd7477f7b0a729070211caa49178ff22a2d60fb059d3f930e957

  • SHA512

    7d48ec2e5bf0b914a778b5c84f3e60335e806a30a4ef5dea02c5cb570568a4ee21ef29744f00aa7bc66af21bf0676c95b76efe05a1c31b4a9391b546fc53c7dc

  • SSDEEP

    6144:dKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkOp/:kzCGL69zVGkllbkO

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office04

C2

51.89.157.248:4782

Mutex

MvfU8Y7jQptTEqcSWG

Attributes
  • encryption_key

    gfcyUhYEMEq5BWNn8aVX

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoCs)

Files

  • 1004-72-0x0000000000400000-0x000000000044E000-memory.dmp
    .exe windows x86

