Overview

overview

10

Static

static

10

1528-201-0...ry.exe

windows7-x64

1528-201-0...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    1528-201-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • MD5

    69e08ded4d4a90278b7195026bd825a7

  • SHA1

    d6231a00f9e1bb66ab5a9e015eae70725be00c8c

  • SHA256

    5a5ef3b5631535495b58bcdae1458723e57c5b2c1c21b2614b2fa6d18a67a67e

  • SHA512

    66bfffeece8413a9abf59c3b7fb770bfb29e00618fc0fcd61155fb115bc716cf3142bc4cc5901ce9f32e844a240d32b5b40ab55a8cfd5d41d2e76feaa1d90a9d

  • SSDEEP

    3072:EIrt+8Hiefcu00MKpyDcsvFdZsgXvA/AkZSO7Xq77ETh1baBoQKog8AqAqA129H4:ECNHXf500MsBOnubvQN0ccCYIG

Score
10/10
swlquasar

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

swl

C2

www.dnuocc.com:64577

dnuocc.com:64577
Mutex

QSR_MUTEX_bDp72SOlXKAdZdeo2z

Attributes
  • encryption_key

    KdH85RjC8XbiO6MKrrfc

  • install_name

    msi.exe

  • log_directory

    Logs

  • reconnect_delay

    25000

  • startup_key

    msi

  • subdirectory

    mvi

Signatures

  • Quasar family
    quasar
  • Quasar payload 1 IoCs

Files

  • 1528-201-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows x86


    Headers

    Sections