General

  • Target: 2696-195-0x0000000000400000-0x000000000045E000-memory.dmp
  • Size: 376KB
  • MD5: b6a958e5c08a2c6599c80e94951ec253
  • SHA1: 5df3f2ca5707ec3247987f0332448f6043ef813f
  • SHA256: a25c0d462cc0b34c90c6fc21c52eda4df361aff55401548dbe81c95f94d14725
  • SHA512: b2799be46d2462192f45c1f9e62b8c7502dc0775915f2b2136d762de48f10715c6c37902cc10c0155df56543423e7fdadec0aa760015fc6b18fb90da16a99d73
  • SSDEEP: 6144:yKhJ10FpSizcN9QbLc0kH7B229vyK7Y3MQirbTIvFj+kQfEcUmT40i:yK31qK7Y8QizItHQccUmc0i

Score
10/10

Malware Config

Extracted

  • Family: quasar
  • Version: 1.3.0.0
  • Botnet: -
  • C2: 94.131.105.161:12344
  • Mutex: QSR_MUTEX_UEgITWnMKnRP3EZFzK

Attributes

  • encryption_key: 5Q0JQBQQfAUHRJTcAIOF
  • install_name: lient.exe
  • log_directory: Lugs
  • reconnect_delay: 3000
  • startup_key: itartup
  • subdirectory: SubDir

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • 2696-195-0x0000000000400000-0x000000000045E000-memory.dmp (.exe, windows x86)