General
-
Target
784-59-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
Sample
230212-zarxrsgd59
-
MD5
349fd600a2e73e6f1066d7ed068f32cb
-
SHA1
1a2ac6d17204f7a945d3b0b5bc65ae204e8f8bb6
-
SHA256
9fec0e96ca8724463d4df3a038f74c42548c7c4e26c45b884724c33ddcd28d35
-
SHA512
068872f120ddf87b56cb3021b6f654868088a400d5fede03b6f0ebaf92280abdd53f0295b0ff8089d01a85591bae5e8242311978635f744eb947dbe3200e6abc
-
SSDEEP
6144:jsDQoBTOz7GWATN/m6b+RTXKFYFlm4r69SihB:gjTOcEJXoom4r69SMB
Behavioral task
behavioral1
Sample
784-59-0x0000000000400000-0x000000000045E000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
784-59-0x0000000000400000-0x000000000045E000-memory.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
quasar
1.3.0.0
ET
orcus.dyndns.org:1605
lsdw.dyndns.org:1606
labeokunta.dynnds.org:1606
xpert.dyndns.biz:1605
qz.dyndns.org:1605
imageline.dyndns.org:1606
kontakt-update.selfip.net:1606
QSR_MUTEX_X8N0tEAk1p1Gbe9ioj
-
encryption_key
jVpAHlJqCIQYSDZsOYMx
-
install_name
Client.exe
-
log_directory
db.xlm
-
reconnect_delay
30000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Targets
-
-
Target
784-59-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
MD5
349fd600a2e73e6f1066d7ed068f32cb
-
SHA1
1a2ac6d17204f7a945d3b0b5bc65ae204e8f8bb6
-
SHA256
9fec0e96ca8724463d4df3a038f74c42548c7c4e26c45b884724c33ddcd28d35
-
SHA512
068872f120ddf87b56cb3021b6f654868088a400d5fede03b6f0ebaf92280abdd53f0295b0ff8089d01a85591bae5e8242311978635f744eb947dbe3200e6abc
-
SSDEEP
6144:jsDQoBTOz7GWATN/m6b+RTXKFYFlm4r69SihB:gjTOcEJXoom4r69SMB
Score3/10 -