General

  • Target: 784-59-0x0000000000400000-0x000000000045E000-memory.dmp
  • Size: 376KB
  • Sample: 230212-zarxrsgd59
  • MD5: 349fd600a2e73e6f1066d7ed068f32cb
  • SHA1: 1a2ac6d17204f7a945d3b0b5bc65ae204e8f8bb6
  • SHA256: 9fec0e96ca8724463d4df3a038f74c42548c7c4e26c45b884724c33ddcd28d35
  • SHA512: 068872f120ddf87b56cb3021b6f654868088a400d5fede03b6f0ebaf92280abdd53f0295b0ff8089d01a85591bae5e8242311978635f744eb947dbe3200e6abc
  • SSDEEP: 6144:jsDQoBTOz7GWATN/m6b+RTXKFYFlm4r69SihB:gjTOcEJXoom4r69SMB

Score: 10/10

Malware Config (extracted)

  • Family: quasar
  • Version: 1.3.0.0
  • Botnet: ET
  • C2:
      orcus.dyndns.org:1605
      lsdw.dyndns.org:1606
      labeokunta.dynnds.org:1606
      xpert.dyndns.biz:1605
      qz.dyndns.org:1605
      imageline.dyndns.org:1606
      kontakt-update.selfip.net:1606
  • Mutex: QSR_MUTEX_X8N0tEAk1p1Gbe9ioj

Attributes

  • encryption_key: jVpAHlJqCIQYSDZsOYMx
  • install_name: Client.exe
  • log_directory: db.xlm
  • reconnect_delay: 30000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Targets

  • Target: 784-59-0x0000000000400000-0x000000000045E000-memory.dmp
  • Size: 376KB
  • MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values listed under General above
  • Score: 3/10
