General
-
Target
2352-4-0x0000000000200000-0x0000000000524000-memory.dmp
-
Size
3.1MB
-
MD5
5958e9d3d0f6266c4b4b604df944f8f4
-
SHA1
5a7df7ce30b189f5e724d441b85ed53679af9883
-
SHA256
da5ce19c0992b88475ea96f62d434c13bda08e0b5028a7f5d299e7a64d31f73f
-
SHA512
ce8cbfd167042faecd8c8461fb18a19fb7f9bbd9b14521ba83a966db523b8e674c66f0ec0264aa76ac9185f09878bb7f58e47414bdbbe45016cdad0d63c7df6f
-
SSDEEP
49152:/vvI22SsaNYfdPBldt698dBcjH4dJ4oGdfTHHB72eh2NT:/vg22SsaNYfdPBldt6+dBcjH4dq
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
Tru
C2
msi.servet.site:4782
si.servet.site:4782
Mutex
e6014a62-7041-454f-9b62-24d01e22fdc4
Attributes
-
encryption_key
8EC54092718FA50F667C672F27638133FB074D00
-
install_name
Client.exe
-
log_directory
Msi
-
reconnect_delay
3000
-
startup_key
Startup
-
subdirectory
SubDir
Signatures
-
Quasar family
-
Quasar payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2352-4-0x0000000000200000-0x0000000000524000-memory.dmp
Headers
Sections