General
-
Target
3216-3438-0x0000000000400000-0x000000000045E000-memory.dmp
-
Size
376KB
-
MD5
a95a7a84ed7fbdb544b536164f363501
-
SHA1
5b7f57dc864fa24e8a78bde38637c57403339576
-
SHA256
a53aaa2ec74ee736e5b575751e154f6239a788f5b7573e8b96a868e8430fbf6a
-
SHA512
44dc50f202d4d27c15f769a4c6ba72279a3a8c95fba9d5e6b624ebfa336b058382841aff27356561d938229c9663d72fb0825095a5518e8427b88b3b1c0cd578
-
SSDEEP
6144:hF6bPXhLApfpuZb9xh6aPv60rsnK9bbePSPGHDcFqHuC:DmhApIb9j9OPsscFGuC
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.3.0.0
Botnet
16th JULY
C2
198.98.54.161:6666
Mutex
QSR_MUTEX_Pl8uFsFQG2ggU9gBx9
Attributes
-
encryption_key
3XivPs8YQVpfxU1EhGZE
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
notes
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3216-3438-0x0000000000400000-0x000000000045E000-memory.dmp
Headers
Sections