General

  • Target: 4840-230-0x0000000000400000-0x000000000045E000-memory.dmp
  • Size: 376KB
  • MD5: 91870283734f7594697e079440e73862
  • SHA1: 3d855f01febfff6d4fe17d265cd2fa9be2ef8f5a
  • SHA256: 96661af7920aeec7d3b61463843a8a7c037692c88fb9efc39c50c3b290b18da8
  • SHA512: 1ee03838f72af79f6f14e87525d3ad6d85833ec1119f4b6412ec000498172c11eb67fb83eff45c92f5e61e289ee11bab64d9333a65142d631b4d63be2a9d526e
  • SSDEEP: 3072:0crt+8Hiefcu00MKpyDcsvPLxge9CUqcojBHLK9EThSbkKiWAEDjARQfWhk9fedo:02NHXf500MVRoVHLOpb9ihQfL9cOKNW

Score: 10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.3.0.0
  • Botnet: CapeTown
  • C2: rick63.publicvm.com:6440
  • Mutex: QSR_MUTEX_xPSVfzeqWuSHdIhuaX

Attributes

  • encryption_key: EjptSNCYisgtJuZGhuYO
  • install_name: Client.exe
  • log_directory: Logs
  • reconnect_delay: 3000
  • startup_key: Quasar Client Startup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs

Files

  • 4840-230-0x0000000000400000-0x000000000045E000-memory.dmp (.exe, windows x86)