General
-
Target
2804-151-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
MD5
4f41be1eb1cca19175109e2b4a38df82
-
SHA1
3dbcd653fcf182f247b7e8fbc38c3b97d39d06d3
-
SHA256
6453b930207da29f187f4bf0cca9080f2aa53119c0c75b84b3123876cbb4c026
-
SHA512
aec72ddfe18cdfa63915f1609cac9f6dadb096a52f72a91ea7fa1670f757557d4e249b191d03513e452ce001cb95651217acd54fc4c107354938ac38c6e4a46e
-
SSDEEP
6144:/5cz2A9WFd7bjyQUuxV3HN4sSizY8wfPg2SjkPbszf3z3LO9TcluujxpTQ:Bs0d7bjyQUuxV3HN4sSimIlQa3ja9TcW
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.6.0.0
Botnet
>170123<
C2
previous-page.mooo.com:3690
Mutex
QSR_MUTEX_X1krWyMU4VV4RAE2HC>170123<
Attributes
-
encryption_key
QSdlBYx5GYjx0p05SBk2
-
install_name
VAS6154LogMsg.exe
-
log_directory
LogMsg
-
reconnect_delay
3000
-
startup_key
VAS6154LogMsg
-
subdirectory
ACTIA_GmbH
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
Files
-
2804-151-0x0000000000400000-0x000000000045E000-memory.dmp
Headers
Sections