General

  • Target

    4772-415-0x0000000000400000-0x000000000044E000-memory.dmp

  • Size

    312KB

  • MD5

    d96c15384d2d2e56af6d76b9c7842cff

  • SHA1

    74e243b9709bb0616908a5235546aa7b71a1951e

  • SHA256

    f8852096f628a23d73938386837b0d9b8494442b98a64eb9d50b2b843909e25f

  • SHA512

    88b7b914e50871a34ed3810b27941ec005337bc6806fc03e93c3395e89aa3e91d4a98aed20c8dbb1e41c06075f261c21be20b6bdf62c921dcc74d3bf54b2146d

  • SSDEEP

    6144:dKJuiyEnCGnhJlMP5Kq+SMv0VGb7bDcllbkOp/C:kzCGL69zVGkllbkO0

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office04

C2

51.89.157.248:4782

Mutex

MvfU8Y7jQptTEqcSWG

Attributes
  • encryption_key

    gfcyUhYEMEq5BWNn8aVX

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)

Files

  • 4772-415-0x0000000000400000-0x000000000044E000-memory.dmp
    .exe windows x86

