General

  • Target

    2400-2349-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • MD5

    00a2283706f95c249f32ab0afce5c2ab

  • SHA1

    107db0bb266240dc602764a3359d3fa00dbf8295

  • SHA256

    f476c76bdcf5bf3a4b16ecb22b01d07291b278ed87b055fdae13bd694f87f8f6

  • SHA512

    7d4e61b3902f7e0e5631e4d49017b79aec3e7ec65943610bf6e6d19eff16d07d59a808f81881a7f06dafeac93fc6e49822e69be9c8a882c4cd46d7ffeb0c6b67

  • SSDEEP

    6144:LF6bPXhLApfpuZb9xh6aPv60rsnK9bbePSPGHDcFqHuC:BmhApIb9j9OPsscFGuC

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

16th JULY

C2

198.98.54.161:6666

Mutex

QSR_MUTEX_Pl8uFsFQG2ggU9gBx9

Attributes
  • encryption_key

    3XivPs8YQVpfxU1EhGZE

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    notes

  • subdirectory

    SubDir

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2400-2349-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows x86

    Headers

    Sections