General

  • Target

    1680-76-0x0000000000400000-0x000000000044E000-memory.dmp

  • Size

    312KB

  • Sample

    230205-tssn5add8x

  • MD5

    0b885532c6b93349641bac034a6ed503

  • SHA1

    bf7386c85a085e6ca0add1ccccbbeef11d42b74b

  • SHA256

    41210fc05feeba8a31adcf8ea2866d353f75c05eedba6d783a85b4151f51a572

  • SHA512

    fa20225d402374cae4f0caef949dd6c73b5ff6a3c4c5f8667becdf9abcdb95b85547c671304ec8cef4b4011dbb4ef8dfd82a14d9b59cfc82500ef6a29f1e72f7

  • SSDEEP

    6144:6vDq5pIf18BoBzM/P5Kq+SMv0VGb7bDcllbkI:XE+SzY9zVGkllbk

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office04

C2

youhackernetpaingodxd.duckdns.org:5557

blablashitspreading.ddns.net:5557

Mutex

xEoEv3HHdyEIYwJRFM

Attributes
  • encryption_key

    w3WfcmWh1iXT9cxeKFEX

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      1680-76-0x0000000000400000-0x000000000044E000-memory.dmp

    Score
    1/10
