General

  • Target

    3248-9-0x0000000000400000-0x000000000045E000-memory.dmp

  • Size

    376KB

  • MD5

    fff2ccb7925a8fbfebbb3611379e7c4a

  • SHA1

    e9079af0fa09e2e7e3f1c474cf57b9bb6c0a37c9

  • SHA256

    52b7028d27c648fe36a32501d9ada4fdb0169c5a64a8cfab88a86b9b20af960f

  • SHA512

    eea1a2e7bbf78dd3a9510b20948e1772f27139e81590afb6a711ef13a9b71570ee5ef44ba22b1546fd4083414f4f87d39ba4b36515b9880475fb71b275232aa6

  • SSDEEP

    6144:aFPhSN0G6pan62ye3f+8g8zZoTqbKBL//BNatwiX11:SPG6p1EfuA4bd/B8twiF1

Score
10/10

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.3.0.0

  • Botnet

    AGS2

  • C2

    qpurrybeatmecamtest.ddns.net:65535
    qpurrybeatmecamtest.ddns.net:63535
    fronpeatcam.publicvm.com:62535

  • Mutex

    QSR_MUTEX_rxZ4tcAKc625ULWesH

Attributes
  • encryption_key

    2y32mzySBAL9urmZ7afL

  • install_name

    fim.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    fim

  • subdirectory

    frm

Signatures

  • Quasar family
  • Quasar payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3248-9-0x0000000000400000-0x000000000045E000-memory.dmp
    .exe windows:4 windows x86