General

  • Target

    1676-70-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • MD5

    3194a43ba64d22f5fc7538464a00a3ac

  • SHA1

    22fed476aedeb205eb498277712d8a7d31f62ad4

  • SHA256

    f09da146c637dd01f05a2bd1d685a35612c549d1012c6c3e77c7cbf7320435d9

  • SHA512

    8d72db437aa98c91f05af6c88081e909a360b54e5ca9f5c282c8c1f3c0a995f397e17485022011885b85cff53b5307ddc6a340c5655093bc1a35755d132d24c5

  • SSDEEP

    49152:uvrlL26AaNeWgPhlmVqvMQ7XSKQCfC+5g+nBeULoGadTHHB72eh2NT:uvRL26AaNeWgPhlmVqkQ7XSK5C4

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

BSSS

C2

uzgrode.hopto.org:4782

54.39.249.59:4782

Mutex

5a6f93bb-12b6-4772-88e4-0bca0c63e32d

Attributes
  • encryption_key

    2D03D2AF3B6D05E5871555497FAF558A6487DF6A

  • install_name

    adobeno.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    WindowsNow Startup

  • subdirectory

    AdobeNow
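
The configuration above gives host and network indicators that outlive repacking, unlike the hashes in the General section, which describe this memory dump of the unpacked payload (the 0x400000-0x724000 region of process 1676) rather than the file that was delivered. The following Python script is an added example, not part of the sandbox report or of Quasar's own code: it takes the extracted fields, derives queryable indicators from them, and runs those indicators over a constructed set of endpoint events. The event shape and field names are my own, as is the assumption that the install directory's parent varies (per-user profile or Program Files) while the trailing `AdobeNow\adobeno.exe` stays fixed.

```python
"""Derive hunt indicators from the extracted Quasar config and match them
against constructed endpoint telemetry. Added example, not from the report."""
import ipaddress

# Fields copied from the "Malware Config" section of the report above.
EXTRACTED_CONFIG = {
    "family": "quasar",
    "version": "1.4.1",
    "c2": ["uzgrode.hopto.org:4782", "54.39.249.59:4782"],
    "mutex": "5a6f93bb-12b6-4772-88e4-0bca0c63e32d",
    "install_name": "adobeno.exe",
    "subdirectory": "AdobeNow",
    "startup_key": "WindowsNow Startup",
    "reconnect_delay": 3000,
}


def parse_c2(entry):
    """Split a 'host:port' entry into (host, port, is_ip)."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return host.lower(), int(port), is_ip


def build_iocs(cfg):
    """Turn config fields into observables a hunter can query for."""
    domains, ips, ports = set(), set(), set()
    for entry in cfg["c2"]:
        host, port, is_ip = parse_c2(entry)
        (ips if is_ip else domains).add(host)
        ports.add(port)
    return {
        "domains": domains,
        "ips": ips,
        "ports": ports,
        # Assumption: only the 'subdirectory\install_name' tail is stable,
        # so match on that suffix rather than on a full path.
        "path_suffix": f"{cfg['subdirectory']}\\{cfg['install_name']}".lower(),
        "run_value": cfg["startup_key"],
        "mutex": cfg["mutex"].lower(),
    }


# Constructed telemetry (type plus a few fields); not real logs.
SAMPLE_EVENTS = [
    {"type": "network", "dst": "54.39.249.59", "dport": 4782, "proto": "tcp"},
    {"type": "dns", "query": "uzgrode.hopto.org"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "WindowsNow Startup",
     "data": r"C:\Users\alice\AppData\Roaming\AdobeNow\adobeno.exe"},
    {"type": "mutex",
     "name": r"\Sessions\1\BaseNamedObjects\5a6f93bb-12b6-4772-88e4-0bca0c63e32d"},
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\AdobeNow\adobeno.exe"},
    {"type": "network", "dst": "142.250.80.46", "dport": 443, "proto": "tcp"},
    # Same file name in a different directory: must not match.
    {"type": "file", "path": r"C:\Program Files\Adobe\Acrobat\adobeno.exe"},
]


def match_events(events, iocs):
    """Return (index, reason) for every event that hits an indicator."""
    hits = []
    for i, ev in enumerate(events):
        t = ev["type"]
        if t == "network" and ev["dst"] in iocs["ips"]:
            hits.append((i, f"c2 ip {ev['dst']}:{ev['dport']}"))
        elif t == "dns" and ev["query"].lower() in iocs["domains"]:
            hits.append((i, f"c2 domain {ev['query']}"))
        elif t == "registry" and ev.get("value") == iocs["run_value"]:
            hits.append((i, f"run key value {ev['value']!r}"))
        elif t == "mutex" and ev["name"].lower().endswith(iocs["mutex"]):
            hits.append((i, "quasar mutex"))
        elif t == "file" and ev["path"].lower().endswith(iocs["path_suffix"]):
            hits.append((i, f"install path {ev['path']}"))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIG)
    for idx, reason in match_events(SAMPLE_EVENTS, iocs):
        print(f"event {idx}: {reason}")
```

Matching on the destination port alone is deliberately left out: 4782 is Quasar's default listener port, but a bare port hit is too noisy to stand on its own, whereas the run-key value name, mutex GUID and install suffix are operator-chosen constants from this build and make good pivot points on their own.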

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1676-70-0x0000000000400000-0x0000000000724000-memory.dmp
    .exe windows x86
