Overview

overview

10

Static

static

10

3944-157-0...ry.exe

windows7-x64

3944-157-0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3944-157-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • Sample

    230419-x9rd6sda47

  • MD5

    4f43c8ac75d035886bd26810f7d72e2b

  • SHA1

    5766be1ae045f5ea9b85769a62d2861178c87731

  • SHA256

    376b51d6efd1870c95810c057cf7c5fd7e3bbe5b55b4f90aad73e304a4395b74

  • SHA512

    9f19f66399f675c03a505d0d17cd8c07f674db68ddc0bbc7140820203c35a4b9c95f1f2e692adc48c19515caade28e2ba7d3e7c94d1b7c81e72a72e0050ac3a7

  • SSDEEP

    6144:ot6bPXhLApfpNlJ53QLy6bVyefqyDi4MHRNhg:cmhApFJ2ylyu4MHRNhg

Score
10/10
quasarsuccess

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SUCCESS

C2

41.185.97.216:4782

Mutex

MUTEX_KMkEYpkuWKDvhVsEcT

Attributes
  • encryption_key

    kbnBYlo1Zoug7VQGhNv1

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    cmd

  • subdirectory

    SubDir

Targets

    • Target

      3944-157-0x0000000000400000-0x000000000045E000-memory.dmp

    • Size

      376KB

    • MD5

      4f43c8ac75d035886bd26810f7d72e2b

    • SHA1

      5766be1ae045f5ea9b85769a62d2861178c87731

    • SHA256

      376b51d6efd1870c95810c057cf7c5fd7e3bbe5b55b4f90aad73e304a4395b74

    • SHA512

      9f19f66399f675c03a505d0d17cd8c07f674db68ddc0bbc7140820203c35a4b9c95f1f2e692adc48c19515caade28e2ba7d3e7c94d1b7c81e72a72e0050ac3a7

    • SSDEEP

      6144:ot6bPXhLApfpNlJ53QLy6bVyefqyDi4MHRNhg:cmhApFJ2ylyu4MHRNhg

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks