Overview

overview

10

Static

static

10

1792-77-0x...ry.exe

windows7-x64

1792-77-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1792-77-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • Sample

    230528-wqa3eage8v

  • MD5

    46676daf837efe5311a2f51a70567285

  • SHA1

    83cb8bafe29869de89f34b3dc385b7bb0d79a332

  • SHA256

    283817c55521afd1f819213be756dd54d71a25e824c06d9a4365042c1d43af02

  • SHA512

    59d4c323bd433b70f2450d9c4ea54529fa01d01041b25081ad2ccba0bfc877e9890d69fbb3459f23bf0a80179ae215c10978335c46d6985971c0ccef359ff716

  • SSDEEP

    49152:rvGlL26AaNeWgPhlmVqvMQ7XSKJ19GSh3ar6joGd5HHTHHB72eh2NT:rvGL26AaNeWgPhlmVqkQ7XSKP9fhBJ

Score
10/10
quasaroffice04

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

microsoftbackup.duckdns.org:47600

Mutex

b97303a2-a8f5-4170-91c1-56adceee5081

Attributes
  • encryption_key

    A31E078A7CC45D3676D5AE3FB460C3E365219397

  • install_name

    Client.exe

  • log_directory

    Log

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      1792-77-0x0000000000400000-0x0000000000724000-memory.dmp

    • Size

      3.1MB

    • MD5

      46676daf837efe5311a2f51a70567285

    • SHA1

      83cb8bafe29869de89f34b3dc385b7bb0d79a332

    • SHA256

      283817c55521afd1f819213be756dd54d71a25e824c06d9a4365042c1d43af02

    • SHA512

      59d4c323bd433b70f2450d9c4ea54529fa01d01041b25081ad2ccba0bfc877e9890d69fbb3459f23bf0a80179ae215c10978335c46d6985971c0ccef359ff716

    • SSDEEP

      49152:rvGlL26AaNeWgPhlmVqvMQ7XSKJ19GSh3ar6joGd5HHTHHB72eh2NT:rvGL26AaNeWgPhlmVqkQ7XSKP9fhBJ

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks