Overview

overview

10

Static

static

10

1684-67-0x...ry.exe

windows7-x64

1684-67-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1684-67-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • Sample

    230420-g1gwdaaa5w

  • MD5

    97fe1546b775b223e0c24a1838cf9b80

  • SHA1

    c3d1c29dc4c595674e8c28d2a6dfcdf0232973be

  • SHA256

    6373f7c80efdb9678002913070ba54d639be9be8823c190428fc42ed1f55c921

  • SHA512

    96b463bbbc34c3b55544a9c4a9abb480d4b59ffc479241a6cf87c6d90b2b428178ad570a825c10a6b9592a8650409d9925cb131315d0366f83da71d10d8827d7

  • SSDEEP

    6144:ot6bPXhLApfpNlJ53QLy6bVyefqyDi4MHRNh:cmhApFJ2ylyu4MHRNh

Score
10/10
quasarsuccess

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SUCCESS

C2

41.185.97.216:4782

Mutex

MUTEX_KMkEYpkuWKDvhVsEcT

Attributes
  • encryption_key

    kbnBYlo1Zoug7VQGhNv1

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    cmd

  • subdirectory

    SubDir

Targets

    • Target

      1684-67-0x0000000000400000-0x000000000045E000-memory.dmp

    • Size

      376KB

    • MD5

      97fe1546b775b223e0c24a1838cf9b80

    • SHA1

      c3d1c29dc4c595674e8c28d2a6dfcdf0232973be

    • SHA256

      6373f7c80efdb9678002913070ba54d639be9be8823c190428fc42ed1f55c921

    • SHA512

      96b463bbbc34c3b55544a9c4a9abb480d4b59ffc479241a6cf87c6d90b2b428178ad570a825c10a6b9592a8650409d9925cb131315d0366f83da71d10d8827d7

    • SSDEEP

      6144:ot6bPXhLApfpNlJ53QLy6bVyefqyDi4MHRNh:cmhApFJ2ylyu4MHRNh

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks