General

  • Target

    2660-10-0x0000000000400000-0x0000000000484000-memory.dmp

  • Size

    528KB

  • MD5

    69fcdc84e6d39b9717c42cb74434b7b7

  • SHA1

    a7b2ddfb06ff10fa9c60654914b4177bb4c438db

  • SHA256

    5ef5f58662416b1bff0b3c39bbca049624bdc65e367c87afe746d83e77b8191e

  • SHA512

    1b9f20589c11eec796580760ae77a5736d7348e8dfdc830210defc60fa77d08992582048e9f26e595a08b15dd4da18d779b486e621bd3aab0cce4e1147822be7

  • SSDEEP

    6144:ATEgdc0Y6ebGbXOsA6j1Rdh4XKg3uPLyURNVmRfVNcEgjb8F9d2wJhgRRHyRcTR3:ATEgdfYQA60K3BMR3QY/20UHyRcd

Score

10/10

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

MIX21

C2

pettbull.ddns.net:4782

Mutex

69383ffd-4823-44c2-b21f-a105f85ed9a0

Attributes
  • encryption_key

    DAE9E02E5E04D59D9AF2AA1D5E82248D5919AC6A

  • install_name

    Windows Service.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Microsoft Windows

  • subdirectory

    Windows Update

Signatures

  • Quasar family
  • Quasar payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2660-10-0x0000000000400000-0x0000000000484000-memory.dmp
    .exe windows:4 windows x86