General

  • Target

    2304-203-0x0000000000400000-0x0000000000724000-memory.dmp

  • Size

    3.1MB

  • Sample

    230529-hhpc6sab22

  • MD5

    f053b0ff24d89693c90409b6d4b36eb3

  • SHA1

    1eded4d02b5e40354e3966403884f2f69b307492

  • SHA256

    cc2ca8313e32b174ffe94d79bbdb19725d777ea77de8f4896eb90c6aeb5801ed

  • SHA512

    425724493e5af4627cc688434bc82979dc7b61b0daa2544c4bf2f39a37f2b9e92d49a5c28c08d07fc95b11d8d84d7c43f7dcbc4e2c5834a3cbbd37816749047a

  • SSDEEP

    49152:GvbI22SsaNYfdPBldt698dBcjHxCz1JFLoGdnTHHB72eh2NT:Gvk22SsaNYfdPBldt6+dBcjHxC5

Score
10/10

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

139.99.114.150:4782

Mutex

5d00609e-0fa1-420e-ae32-932ac5f0d8a0

Attributes
  • encryption_key

    353F228C32E13DAE9184FE5306B840EBAF1CD966

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Targets

    • Target

      2304-203-0x0000000000400000-0x0000000000724000-memory.dmp

    • Size

      3.1MB

    Score
    1/10
