General
-
Target
1680-76-0x0000000000400000-0x000000000044E000-memory.dmp
-
Size
312KB
-
Sample
230205-tssn5add8x
-
MD5
0b885532c6b93349641bac034a6ed503
-
SHA1
bf7386c85a085e6ca0add1ccccbbeef11d42b74b
-
SHA256
41210fc05feeba8a31adcf8ea2866d353f75c05eedba6d783a85b4151f51a572
-
SHA512
fa20225d402374cae4f0caef949dd6c73b5ff6a3c4c5f8667becdf9abcdb95b85547c671304ec8cef4b4011dbb4ef8dfd82a14d9b59cfc82500ef6a29f1e72f7
-
SSDEEP
6144:6vDq5pIf18BoBzM/P5Kq+SMv0VGb7bDcllbkI:XE+SzY9zVGkllbk
Behavioral task
behavioral1
Sample
1680-76-0x0000000000400000-0x000000000044E000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1680-76-0x0000000000400000-0x000000000044E000-memory.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
quasar
1.4.0.0
Office04
youhackernetpaingodxd.duckdns.org:5557
blablashitspreading.ddns.net:5557
xEoEv3HHdyEIYwJRFM
-
encryption_key
w3WfcmWh1iXT9cxeKFEX
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
1680-76-0x0000000000400000-0x000000000044E000-memory.dmp
-
Size
312KB
-
MD5
0b885532c6b93349641bac034a6ed503
-
SHA1
bf7386c85a085e6ca0add1ccccbbeef11d42b74b
-
SHA256
41210fc05feeba8a31adcf8ea2866d353f75c05eedba6d783a85b4151f51a572
-
SHA512
fa20225d402374cae4f0caef949dd6c73b5ff6a3c4c5f8667becdf9abcdb95b85547c671304ec8cef4b4011dbb4ef8dfd82a14d9b59cfc82500ef6a29f1e72f7
-
SSDEEP
6144:6vDq5pIf18BoBzM/P5Kq+SMv0VGb7bDcllbkI:XE+SzY9zVGkllbk
Score1/10 -