General

  • Target

    1744-77-0x0000000000400000-0x000000000044E000-memory.dmp

  • Size

    312KB

  • MD5

    050e2bd5f198fcb9f6721e15e8c30a11

  • SHA1

    b3bae6c9e44c4dfac7a4ccc2e9297192b4f19a46

  • SHA256

    e45ad1dc171a2caf19a883937d6efa6641508b588a526901429fb61398cef4be

  • SHA512

    37a4a527d120bce847126163506aa94371af5ea68f246c4b9430e69df99afb1de1fc0106fd0eb5b571c2643fb930cb3ab89a0cf2f142386f8a44955815bc335e

  • SSDEEP

    6144:6vDq5pIf18BoBzM/P5Kq+SMv0VGb7bDcllbkIC:XE+SzY9zVGkllbkV

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.0.0

  • Botnet

    Office04

  • C2

    youhackernetpaingodxd.duckdns.org:5557

    blablashitspreading.ddns.net:5557

  • Mutex

    xEoEv3HHdyEIYwJRFM

Attributes
  • encryption_key

    w3WfcmWh1iXT9cxeKFEX

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)

Files

  • 1744-77-0x0000000000400000-0x000000000044E000-memory.dmp
    .exe windows x86
